Vulnerabilities > Protocol > High

DATE CVE VULNERABILITY TITLE RISK
2023-08-25 CVE-2023-40583 Unspecified vulnerability in Protocol Libp2P
libp2p is a networking stack and library modularized out of The IPFS Project, and bundled separately for other tools to use.
network
low complexity
protocol
7.5
2023-05-10 CVE-2023-25568 Allocation of Resources Without Limits or Throttling vulnerability in Protocol Boxo 0.4.0/0.5.0
Boxo, formerly known as go-libipfs, is a library for building IPFS applications and implementations.
network
low complexity
protocol CWE-770
7.5
2023-02-09 CVE-2023-23625 Resource Exhaustion vulnerability in Protocol Go-Unixfs
go-unixfs is an implementation of a unix-like filesystem on top of an ipld merkledag.
network
low complexity
protocol CWE-400
7.5
2023-02-09 CVE-2023-23626 Improper Validation of Specified Quantity in Input vulnerability in Protocol Go-Bitfield 1.0.0
go-bitfield is a simple bitfield package for the go language aiming to be more performant that the standard library.
network
low complexity
protocol CWE-1284
7.5
2023-02-09 CVE-2023-23631 Resource Exhaustion vulnerability in Protocol Go-Unixfsnode
github.com/ipfs/go-unixfsnode is an ADL IPLD prime node that wraps go-codec-dagpb's implementation of protobuf to enable pathing.
network
low complexity
protocol CWE-400
7.5
2023-01-04 CVE-2023-22460 Improper Input Validation vulnerability in Protocol Go-Ipld-Prime
go-ipld-prime is an implementation of the InterPlanetary Linked Data (IPLD) spec interfaces, a batteries-included codec implementations of IPLD for CBOR and JSON, and tooling for basic operations on IPLD objects.
network
low complexity
protocol CWE-20
7.5
2022-12-27 CVE-2022-2584 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Protocol Go-Codec-Dagpb
The dag-pb codec can panic when decoding invalid blocks.
network
low complexity
protocol CWE-119
7.5
2022-12-08 CVE-2022-23495 Unchecked Return Value vulnerability in Protocol Go-Merkledag
go-merkledag implements the 'DAGService' interface and adds two ipld node types, Protobuf and Raw for the ipfs project.
network
low complexity
protocol CWE-252
7.5
2022-12-08 CVE-2022-23492 Allocation of Resources Without Limits or Throttling vulnerability in Protocol Libp2P
go-libp2p is the offical libp2p implementation in the Go programming language.
network
low complexity
protocol CWE-770
7.5
2022-12-07 CVE-2022-23486 Allocation of Resources Without Limits or Throttling vulnerability in Protocol Libp2P
libp2p-rust is the official rust language Implementation of the libp2p networking stack.
network
low complexity
protocol CWE-770
7.5