Executive Summary

Informations
Name CVE-2023-40583 First vendor Publication 2023-08-25
Vendor Cve Last vendor Modification 2023-09-01

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Overall CVSS Score 7.5
Base Score 7.5 Environmental Score 7.5
impact SubScore 3.6 Temporal Score 7.5
Exploitabality Sub Score 3.9
 
Attack Vector Network Attack Complexity Low
Privileges Required None User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact None Availability Impact High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

libp2p is a networking stack and library modularized out of The IPFS Project, and bundled separately for other tools to use. In go-libp2p, by using signed peer records a malicious actor can store an arbitrary amount of data in a remote node’s memory. This memory does not get garbage collected and so the victim can run out of memory and crash. If users of go-libp2p in production are not monitoring memory consumption over time, it could be a silent attack i.e. the attacker could bring down nodes over a period of time (how long depends on the node resources i.e. a go-libp2p node on a virtual server with 4 gb of memory takes about 90 sec to bring down; on a larger server, it might take a bit longer.) This issue was patched in version 0.27.4.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-40583

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 3

Sources (Detail)

Source Url
MISC https://github.com/libp2p/go-libp2p/commit/45d3c6fff662ddd6938982e7e9309ad5fa...
https://github.com/libp2p/go-libp2p/releases/tag/v0.27.4
https://github.com/libp2p/go-libp2p/releases/tag/v0.27.7
https://github.com/libp2p/go-libp2p/security/advisories/GHSA-gcq9-qqwx-rgj3

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2023-09-01 17:27:23
  • Multiple Updates
2023-08-26 09:27:25
  • Multiple Updates
2023-08-26 00:27:18
  • First insertion