{"id":"GO-2023-1766","summary":"Denial of service from memory leak in github.com/ipfs/go-libipfs","details":"An attacker can cause a Bitswap server to allocate and leak unbounded amounts of memory.","aliases":["CVE-2023-25568","GHSA-m974-xj4j-7qv5","GHSA-q3j6-22wf-3jh9"],"modified":"2024-05-20T16:03:47Z","published":"2023-06-14T17:22:51Z","database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2023-1766"},"references":[{"type":"ADVISORY","url":"https://github.com/ipfs/go-libipfs/security/advisories/GHSA-m974-xj4j-7qv5"}],"affected":[{"package":{"name":"github.com/ipfs/go-libipfs","ecosystem":"Go","purl":"pkg:golang/github.com/ipfs/go-libipfs"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.4.1"},{"introduced":"0.5.0"},{"fixed":"0.6.0"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/ipfs/go-libipfs/bitswap/server"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2023-1766.json"}},{"package":{"name":"github.com/ipfs/go-bitswap","ecosystem":"Go","purl":"pkg:golang/github.com/ipfs/go-bitswap"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.12.0"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/ipfs/go-bitswap/server"}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2023-1766.json"}}],"schema_version":"1.7.3"}