id: GO-2023-1766
modules:
    - module: github.com/ipfs/go-libipfs
      versions:
        - fixed: 0.4.1
        - introduced: 0.5.0
          fixed: 0.6.0
      vulnerable_at: 0.5.0
      packages:
        - package: github.com/ipfs/go-libipfs/bitswap/server
    - module: github.com/ipfs/go-bitswap
      versions:
        - fixed: 0.12.0
      vulnerable_at: 0.11.0
      packages:
        - package: github.com/ipfs/go-bitswap/server
summary: Denial of service from memory leak in github.com/ipfs/go-libipfs
description: |-
    An attacker can cause a Bitswap server to allocate and leak unbounded amounts of
    memory.
cves:
    - CVE-2023-25568
ghsas:
    - GHSA-m974-xj4j-7qv5
    - GHSA-q3j6-22wf-3jh9
references:
    - advisory: https://github.com/ipfs/go-libipfs/security/advisories/GHSA-m974-xj4j-7qv5
review_status: REVIEWED