Out-of-memory vulnerability in github.com/libp2p/go-libp2p

Overview

Source
ID
GO-2023-2024
Aliases
CVE-2023-40583
GHSA-gcq9-qqwx-rgj3

Description

A malicious actor can store an arbitrary amount of data in the memory of a remote node by sending the node a message with a signed peer record. Signed peer records from randomly generated peers can be sent by a malicious actor. This memory does not get garbage collected and so the remote node can run out of memory (OOM).

Summary

2.59k
Total packages affected
Packages with at least one version that is affected by the advisory or has an affected dependency.
324
Packages with a known fix
Packages with versions affected by the advisory that have a greater version that is not affected.
0.20%
Total ecosystem affected
The proportion of packages in the ecosystem that are affected by the advisory (fixed or not).
Affected Version: Introduced: 0, Fixed: 0.27.4
Patched/Unaffected
v0.27.4
v0.27.5
v0.27.6
v0.27.7
v0.27.8
v0.27.9
v0.28.0
v0.28.1
v0.28.2
v0.28.3
v0.29.0
v0.29.1
v0.29.2
v0.30.0
v0.30.1
v0.31.0
v0.31.1
v0.32.0
v0.32.1
v0.32.2
v0.33.0
v0.33.1
v0.33.2
v0.34.0
v0.34.1
v0.35.0
v0.35.1
v0.35.2
v0.35.3
v0.35.4
v0.35.5
v0.36.0
v0.36.1
v0.36.2
v0.36.3
v0.36.4
v0.36.5
v0.37.0
v0.37.1
v0.37.2
v0.38.0
v0.38.1
Affected
v0.27.3
v0.27.2
v0.27.1
v0.27.0
v0.26.4
v0.26.3
v0.26.2
v0.26.1
v0.26.0
v0.25.1
v0.25.0
v0.24.2
v0.24.1
v0.24.0
v0.23.4
v0.23.3
v0.23.2
v0.23.1
v0.23.0
v0.22.0
v0.21.0
v0.20.3
v0.20.2
v0.20.1
v0.20.0
v0.19.4
v0.19.3
v0.19.2
v0.19.1
v0.19.0
v0.18.1
v0.18.0
v0.17.0
v0.16.0
v0.15.1
v0.15.0
v0.14.4
v0.14.3
v0.14.2
v0.14.1
v0.14.0
v0.13.0
v0.12.0
v0.11.0
v0.10.3
v0.10.2
v0.10.1
v0.10.0
v0.9.6
v0.9.5
v0.9.4
v0.9.3
v0.9.2
v0.9.1
v0.9.0
v0.8.3
v0.8.2
v0.8.1
v0.8.0
v0.7.4
v0.7.3
v0.7.2
v0.7.1
v0.7.0
v0.6.1
v0.6.0
v0.5.2
v0.5.1
v0.5.0
v0.4.2
v0.4.1
v0.4.0
v0.3.1
v0.3.0
v0.2.1
v0.2.0
v0.1.2
v0.1.1
v0.1.0
v0.0.32
v0.0.31
v0.0.30
v0.0.29
v0.0.28
v0.0.27
v0.0.26
v0.0.25
v0.0.24
v0.0.23
v0.0.22
v0.0.21
v0.0.20
v0.0.19
v0.0.18
v0.0.17
v0.0.16
v0.0.15
v0.0.14
v0.0.13
v0.0.12
v0.0.11
v0.0.10
v0.0.9
v0.0.8
v0.0.7
v0.0.6
v0.0.5
v0.0.4
v0.0.3
v0.0.2
v0.0.1