RUSTSEC-2022-0084

Source
https://rustsec.org/advisories/RUSTSEC-2022-0084
Import Source
https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2022-0084.json
Aliases
Published
2022-07-12T12:00:00Z
Modified
2023-11-08T04:08:18.938960Z
Details

libp2p allows a potential attacker to cause a victim p2p node to run out of memory.

The out-of-memory failure can cause crashes where libp2p is intended to be used within large-scale networks, leading to a potential Denial of Service (DoS) vector.

Users should upgrade or reference the DoS mitigation strategies.

References

Affected packages

crates.io / libp2p

Package

Name
libp2p

Affected ranges

Type
SEMVER
Events
Introduced
0.0.0-0
Fixed
0.45.1

Ecosystem specific

{
    "affects": {
        "os": [],
        "functions": [],
        "arch": []
    }
}

Database specific

{
    "cvss": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "informational": null,
    "categories": [
        "denial-of-service"
    ]
}