libp2p Lack of resource management DoS
| Details |
|
| Package |
libp2p |
| Version |
0.40.0 |
| URL |
GHSA-jvgw-gccv-q5p8 |
| Date |
2022-07-12 |
| Patched versions |
>=0.45.1 |
libp2p allows a potential attacker to cause victim p2p node to run out of memory
The out of memory failure can cause crashes where libp2p is intended to be used
within large scale networks leading to potential Denial of Service (DoS) vector
Users should upgrade or reference the DoS mitigation strategies.
See advisory page for additional details.
libp2p0.40.0>=0.45.1libp2p allows a potential attacker to cause victim p2p node to run out of memory
The out of memory failure can cause crashes where libp2p is intended to be used
within large scale networks leading to potential Denial of Service (DoS) vector
Users should upgrade or reference the DoS mitigation strategies.
See advisory page for additional details.