Libp2p Libp2p

  1. Vendors
  2. Libp2p
Do you want an email whenever new security vulnerabilities are reported in any Libp2p product?

Products by Libp2p Sorted by Most Security Vulnerabilities since 2018

Go Libp2p1 vulnerability

Libp2p1 vulnerability

Libp2p Deflate1 vulnerability

By the Year

In 2024 there have been 0 vulnerabilities in Libp2p . Last year Libp2p had 1 security vulnerability published. Right now, Libp2p is on track to have less security vulnerabilities in 2024 than it did last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 1 7.50
2022 0 0.00
2021 1 9.80
2020 0 0.00
2019 1 7.50
2018 0 0.00

It may take a day or so for new Libp2p vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Libp2p Security Vulnerabilities

go-libp2p is the Go implementation of the libp2p Networking Stack

CVE-2023-39533 7.5 - High - August 08, 2023

go-libp2p is the Go implementation of the libp2p Networking Stack. Prior to versions 0.27.8, 0.28.2, and 0.29.1 malicious peer can use large RSA keys to run a resource exhaustion attack & force a node to spend time doing signature verification of the large key. This vulnerability is present in the core/crypto module of go-libp2p and can occur during the Noise handshake and the libp2p x509 extension verification step. To prevent this attack, go-libp2p versions 0.27.8, 0.28.2, and 0.29.1 restrict RSA keys to <= 8192 bits. To protect one's application, it is necessary to update to these patch releases and to use the updated Go compiler in 1.20.7 or 1.19.12. There are no known workarounds for this issue.

Allocation of Resources Without Limits or Throttling

An issue was discovered in the libp2p-deflate crate before 0.27.1 for Rust

CVE-2020-36443 9.8 - Critical - August 08, 2021

An issue was discovered in the libp2p-deflate crate before 0.27.1 for Rust. An uninitialized buffer is passed to AsyncRead::poll_read(), which is a user-provided trait function.

Use of Uninitialized Resource

An issue was discovered in the libp2p-core crate before 0.8.1 for Rust

CVE-2019-15545 7.5 - High - August 26, 2019

An issue was discovered in the libp2p-core crate before 0.8.1 for Rust. Attackers can spoof ed25519 signatures.

Improper Verification of Cryptographic Signature

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.