Vulnerabilities > Protocol
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-08-25 | CVE-2023-40583 | Unspecified vulnerability in Protocol Libp2P libp2p is a networking stack and library modularized out of The IPFS Project, and bundled separately for other tools to use. | 7.5 |
| 2023-05-10 | CVE-2023-25568 | Allocation of Resources Without Limits or Throttling vulnerability in Protocol Boxo 0.4.0/0.5.0 Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations. | 7.5 |
| 2023-02-09 | CVE-2023-23625 | Resource Exhaustion vulnerability in Protocol Go-Unixfs go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag. | 7.5 |
| 2023-02-09 | CVE-2023-23626 | Improper Validation of Specified Quantity in Input vulnerability in Protocol Go-Bitfield 1.0.0 go-bitfield is a simple bitfield package for the go language aiming to be more performant that the standard library. | 7.5 |
| 2023-02-09 | CVE-2023-23631 | Resource Exhaustion vulnerability in Protocol Go-Unixfsnode github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that wraps go-codec-dagpb's implementation of protobuf to enable pathing. | 7.5 |
| 2023-01-04 | CVE-2023-22460 | Improper Input Validation vulnerability in Protocol Go-Ipld-Prime go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects. | 7.5 |
| 2022-12-27 | CVE-2022-2584 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Protocol Go-Codec-Dagpb The dag-pb codec can panic when decoding invalid blocks. | 7.5 |
| 2022-12-19 | CVE-2022-47547 | Improper Preservation of Permissions vulnerability in Protocol Gossipsub 1.1 GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a positive score (and thus not be pruned from the network) even though it continuously misbehaves by never forwarding topic messages. | 5.3 |
| 2022-12-08 | CVE-2022-23495 | Unchecked Return Value vulnerability in Protocol Go-Merkledag go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project. | 7.5 |
| 2022-12-08 | CVE-2022-23492 | Allocation of Resources Without Limits or Throttling vulnerability in Protocol Libp2P go-libp2p is the offical libp2p implementation in the Go programming language. | 7.5 |