Content Censorship in the InterPlanetary File System (IPFS) via Kademlia DHT abuse
Overview
Source
ID
GHSA-mqr9-hjr8-2m9w
Aliases
CVE-2023-26248
GO-2024-3218
Affected package
Description
The Kademlia DHT (go-libp2p-kad-dht 0.20.0 and earlier) used in IPFS (0.18.1 and earlier) assigns routing information for content (i.e., information about who holds the content) to be stored by peers whose peer IDs have a small DHT distance from the content ID. This allows an attacker to censor content by generating many Sybil peers whose peer IDs have a small distance from the content ID, thus hijacking the content resolution process.
Impact
Severity
help_outline
Latest version of the CVSS score reported by the source of the advisory.
5.3 MODERATE
Reference links
Summary
1.15k
Total packages affected
help_outline
Packages with at least one version that is affected by the advisory or has an affected dependency.
122
Packages with a known fix
help_outline
Packages with versions affected by the advisory that have a greater version that is not affected.
0.09%
Total ecosystem affected
help_outline
The proportion of packages in the ecosystem that are affected by the advisory (fixed or not).
Affected Version: Introduced: 0, Last Affected: 0.20.0
Patched/Unaffected
Affected