{"id":"GO-2023-2000","summary":"Large RSA keys can cause high resource usage in github.com/libp2p/go-libp2p","details":"Large RSA keys can lead to resource exhaustion attacks.\n\nWith fix, the size of RSA keys transmitted during handshakes is restricted to \u003c= 8192 bits.","aliases":["CVE-2023-39533","GHSA-876p-8259-xjgg"],"modified":"2024-05-20T16:03:47Z","published":"2023-08-08T23:49:18Z","database_specific":{"review_status":"REVIEWED","url":"https://pkg.go.dev/vuln/GO-2023-2000"},"references":[{"type":"ADVISORY","url":"https://github.com/libp2p/go-libp2p/security/advisories/GHSA-876p-8259-xjgg"},{"type":"REPORT","url":"https://go.dev/issue/61460"},{"type":"FIX","url":"https://github.com/libp2p/go-libp2p/commit/0cce607219f3710addc7e18672cffd1f1d912fbb"}],"affected":[{"package":{"name":"github.com/libp2p/go-libp2p","ecosystem":"Go","purl":"pkg:golang/github.com/libp2p/go-libp2p"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"0.27.8"},{"introduced":"0.28.0"},{"fixed":"0.28.2"},{"introduced":"0.29.0"},{"fixed":"0.29.1"}]}],"ecosystem_specific":{"imports":[{"path":"github.com/libp2p/go-libp2p/core/crypto","symbols":["GenerateKeyPair","GenerateKeyPairWithReader","GenerateRSAKeyPair","PublicKeyFromProto","UnmarshalPrivateKey","UnmarshalPublicKey","UnmarshalRsaPrivateKey","UnmarshalRsaPublicKey"]}]},"database_specific":{"source":"https://vuln.go.dev/ID/GO-2023-2000.json"}}],"schema_version":"1.7.3"}