protocol

Top products

The 15 most recently published vulnerabilities affecting protocol.

• CVE-2026-35480go-ipld-prime's DAG-CBOR decoder unbounded memory allocation from CBOR headers6.2Apr 7, 2026
• CVE-2026-35457libp2p-rust has unbounded rendezvous DISCOVER cookies enable remote memory exhaustion8.2Apr 7, 2026
• CVE-2026-35405libp2p-rendezvous: Unlimited namespace registrations per peer enables OOM DoS on rendezvous servers7.5Apr 7, 2026
• CVE-2026-34219libp2p-gossipsub: Gossipsub PRUNE Backoff Heartbeat Instant Overflow5.9Mar 31, 2026
• CVE-2026-33040libp2p-rust: Gossipsub PRUNE.backoff Duration Overflow7.5Mar 20, 2026
• CVE-2026-32314Yamux remote Panic via malformed Data frame with SYN set and len = 2621457.5Mar 13, 2026
• CVE-2026-31814Yamux remote Panic via malformed WindowUpdate credit7.5Mar 13, 2026
• CVE-2023-40583libp2p nodes vulnerable to OOM attack7.5Aug 25, 2023
• CVE-2023-25568Boxo bitswap/server: DOS unbounded persistent memory leak8.2May 10, 2023
• CVE-2023-23625Denial of service in HAMT Decoding in go-unixfs 5.9Feb 9, 2023
• CVE-2023-23626Denial of service when feeding malformed size arguments in go-bitfield5.9Feb 9, 2023
• CVE-2023-23631HAMT Decoding Panics in github.com/ipfs/go-unixfsnode5.9Feb 9, 2023
• CVE-2023-22460go-ipld-prime json codec may panic if asked to encode bytes7.5Jan 4, 2023
• CVE-2022-2584Panic when decoding invalid blocks in github.com/ipld/go-codec-dagpb7.5Dec 27, 2022
• CVE-2022-47547GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a positive score (and thus not be pruned from the network) even though it continuously misbehaves by never forwarding topic messages.5.3Dec 19, 2022