{"id":"RUSTSEC-2022-0084","summary":"libp2p Lack of resource management DoS","details":"libp2p allows a potential attacker to cause victim p2p node to run out of memory\n\nThe out of memory failure can cause crashes where libp2p is intended to be used\nwithin large scale networks leading to potential Denial of Service (DoS) vector\n\nUsers should upgrade or reference the [DoS mitigation strategies](https://docs.libp2p.io/reference/dos-mitigation/).","aliases":["CVE-2022-23486","GHSA-jvgw-gccv-q5p8"],"modified":"2023-11-08T04:08:18.938960Z","published":"2022-07-12T12:00:00Z","database_specific":{"license":"CC0-1.0"},"references":[{"type":"PACKAGE","url":"https://crates.io/crates/libp2p"},{"type":"ADVISORY","url":"https://rustsec.org/advisories/RUSTSEC-2022-0084.html"},{"type":"ADVISORY","url":"https://github.com/libp2p/rust-libp2p/security/advisories/GHSA-jvgw-gccv-q5p8"}],"affected":[{"package":{"name":"libp2p","ecosystem":"crates.io","purl":"pkg:cargo/libp2p"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0.0.0-0"},{"fixed":"0.45.1"}]}],"ecosystem_specific":{"affects":{"os":[],"functions":[],"arch":[]},"affected_functions":null},"database_specific":{"informational":null,"source":"https://github.com/rustsec/advisory-db/blob/osv/crates/RUSTSEC-2022-0084.json","categories":["denial-of-service"],"cvss":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}