Large RSA keys can lead to resource exhaustion attacks.
With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits.
{ "review_status": "REVIEWED", "url": "https://pkg.go.dev/vuln/GO-2023-2000" }
{ "imports": [ { "path": "github.com/libp2p/go-libp2p/core/crypto", "symbols": [ "GenerateKeyPair", "GenerateKeyPairWithReader", "GenerateRSAKeyPair", "PublicKeyFromProto", "UnmarshalPrivateKey", "UnmarshalPublicKey", "UnmarshalRsaPrivateKey", "UnmarshalRsaPublicKey" ] } ] }