Vulnerabilities > CVE-2020-10937 - Unspecified vulnerability in Protocol Ipfs 0.4.23

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

protocol

NVD

Published: 2020-11-02

Updated: 2020-11-13

Summary

An issue was discovered in IPFS (aka go-ipfs) 0.4.23. An attacker can generate ephemeral identities (Sybils) and leverage the IPFS connection management reputation system to poison other nodes' routing tables, eclipsing the nodes that are the target of the attack from the rest of the network. Later versions, in particular go-ipfs 0.7, mitigate this.

Vulnerable Configurations

Part	Description	Count
Application	Protocol Protocol Ipfs 0.4.23	1

References

https://blog.ipfs.io/2020-10-30-dht-hardening/
https://graz.pure.elsevier.com/en/publications/total-eclipse-of-the-heart-disrupting-the-interplanetary-file-sys