Vulnerabilities > Protocol

DATE CVE VULNERABILITY TITLE RISK
2023-08-25 CVE-2023-40583 Unspecified vulnerability in Protocol Libp2P
libp2p is a networking stack and library modularized out of The IPFS Project, and bundled separately for other tools to use.
network
low complexity
protocol
7.5
2023-05-10 CVE-2023-25568 Allocation of Resources Without Limits or Throttling vulnerability in Protocol Boxo 0.4.0/0.5.0
Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations.
network
low complexity
protocol CWE-770
7.5
2023-02-09 CVE-2023-23625 Unspecified vulnerability in Protocol Go-Unixfs
go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag.
network
low complexity
protocol
7.5
2023-02-09 CVE-2023-23626 Improper Validation of Specified Quantity in Input vulnerability in Protocol Go-Bitfield 1.0.0
go-bitfield is a simple bitfield package for the go language aiming to be more performant that the standard library.
network
low complexity
protocol CWE-1284
7.5
2023-02-09 CVE-2023-23631 Unspecified vulnerability in Protocol Go-Unixfsnode
github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that wraps go-codec-dagpb's implementation of protobuf to enable pathing.
network
low complexity
protocol
7.5
2023-01-04 CVE-2023-22460 Unspecified vulnerability in Protocol Go-Ipld-Prime
go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects.
network
low complexity
protocol
7.5
2022-12-27 CVE-2022-2584 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Protocol Go-Codec-Dagpb
The dag-pb codec can panic when decoding invalid blocks.
network
low complexity
protocol CWE-119
7.5
2022-12-19 CVE-2022-47547 Improper Preservation of Permissions vulnerability in Protocol Gossipsub 1.1
GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a positive score (and thus not be pruned from the network) even though it continuously misbehaves by never forwarding topic messages.
network
low complexity
protocol CWE-281
5.3
2022-12-08 CVE-2022-23495 Unchecked Return Value vulnerability in Protocol Go-Merkledag
go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project.
network
low complexity
protocol CWE-252
7.5
2022-12-08 CVE-2022-23492 Allocation of Resources Without Limits or Throttling vulnerability in Protocol Libp2P
go-libp2p is the offical libp2p implementation in the Go programming language.
network
low complexity
protocol CWE-770
7.5