Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
libp2p-rust has unbounded rendezvous DISCOVER cookies enable remote memory exhaustion
Vulnerability Description
libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, the rendezvous server stores pagination cookies without bounds. An unauthenticated peer can repeatedly issue DISCOVER requests and force unbounded memory growth. This vulnerability is fixed in 0.17.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
rust-libp2p 安全漏洞
Vulnerability Description
rust-libp2p是libp2p开源的一种 libp2p 网络堆栈的 Rust 实现。 rust-libp2p 0.17.1之前版本存在安全漏洞,该漏洞源于会合服务器存储分页cookie时未设置边界,可能导致未经身份验证的对等节点通过重复发出DISCOVER请求,造成无限制的内存增长。
CVSS Information
N/A
Vulnerability Type
N/A