Content Censorship in the InterPlanetary File System (IPFS) via Kademlia DHT abuse

Overview

Source
ID
GHSA-mqr9-hjr8-2m9w
Aliases
CVE-2023-26248
GO-2024-3218

Description

The Kademlia DHT (go-libp2p-kad-dht 0.20.0 and earlier) used in IPFS (0.18.1 and earlier) assigns routing information for content (i.e., information about who holds the content) to be stored by peers whose peer IDs have a small DHT distance from the content ID. This allows an attacker to censor content by generating many Sybil peers whose peer IDs have a small distance from the content ID, thus hijacking the content resolution process.

Summary

1.15k
Total packages affected
Packages with at least one version that is affected by the advisory or has an affected dependency.
122
Packages with a known fix
Packages with versions affected by the advisory that have a greater version that is not affected.
0.09%
Total ecosystem affected
The proportion of packages in the ecosystem that are affected by the advisory (fixed or not).
Affected Version: Introduced: 0, Last Affected: 0.20.0
Affected