RUSTSEC-2022-0084

Source
https://rustsec.org/advisories/RUSTSEC-2022-0084
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2022-0084.json
JSON Data
https://api.osv.dev/v1/vulns/RUSTSEC-2022-0084
Aliases
Published
2022-07-12T12:00:00Z
Modified
2023-11-08T04:08:18.938960Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
libp2p Lack of resource management DoS
Details

libp2p allows a potential attacker to cause a victim p2p node to run out of memory.

The out-of-memory failure can cause crashes where libp2p is intended to be used within large-scale networks, leading to a potential Denial of Service (DoS) vector.

Users should upgrade or reference the DoS mitigation strategies.

Database specific
{
    "license": "CC0-1.0"
}
References

Affected packages

crates.io / libp2p

Package

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0
Fixed
0.45.1

Ecosystem specific

{
    "affected_functions": null,
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "informational": null,
    "categories": [
        "denial-of-service"
    ]
}