HIGH🇬🇧 English

CVE-2026-35457

CVSS 8.2v3.1pub. 2026-04-07upd. 2026-04-24

libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, the rendezvous server stores pagination cookies without bounds. An unauthenticated peer can repeatedly issue DISCOVER requests and force unbounded memory growth. This vulnerability is fixed in 0.17.1.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
  • Protocol Libp2p

    APP
    Protocol
    < 0.17.1
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2026-35405HIGH7.5ten sam produkt

libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, libp...

CVE-2023-40583HIGH7.5ten sam produkt

libp2p is a networking stack and library modularized out of The IPFS Project, and bundled separately for other...

CVE-2022-23492HIGH7.5ten sam produkt

go-libp2p is the offical libp2p implementation in the Go programming language. Version `0.18.0` and older of g...

CVE-2022-23486HIGH7.5ten sam produkt

libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to ...

CVE-2022-23487HIGH7.5ten sam produkt

js-libp2p is the official javascript Implementation of libp2p networking stack. Versions older than `v0.38.0` ...