Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
libp2p-rendezvous: Unlimited namespace registrations per peer enables OOM DoS on rendezvous servers
Vulnerability Description
libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, libp2p-rendezvous server has no limit on how many namespaces a single peer can register. A malicious peer can just keep registering unique namespaces in a loop and the server happily accepts every single one allocating memory for each registration with no pushback. Keep doing this long enough (or with multiple sybil peers) and the server process gets OOM killed. This vulnerability is fixed in 0.17.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
rust-libp2p 安全漏洞
Vulnerability Description
rust-libp2p是libp2p开源的一种 libp2p 网络堆栈的 Rust 实现。 rust-libp2p 0.17.1之前版本存在安全漏洞,该漏洞源于rendezvous服务器对单个对等体可注册的命名空间数量无限制,可能导致内存耗尽和拒绝服务攻击。
CVSS Information
N/A
Vulnerability Type
N/A