{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/rendezvous/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["libp2p","rendezvous","denial-of-service"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe \u003ccode\u003elibp2p-rendezvous\u003c/code\u003e server prior to version 0.17.1 is susceptible to a denial-of-service (DoS) attack. An attacker can exploit the lack of limitations on namespace registrations per peer. By repeatedly registering unique namespaces, the server allocates memory without restriction, leading to an out-of-memory (OOM) crash. This vulnerability requires no authentication, allowing any peer on the network to initiate the attack. The issue stems from the \u003ccode\u003eRegistrations::add()\u003c/code\u003e function in \u003ccode\u003eprotocols/rendezvous/src/server.rs\u003c/code\u003e, which does not enforce a maximum number of registrations per peer. The \u003ccode\u003eMAX_TTL\u003c/code\u003e of 72 hours exacerbates the problem, as registrations persist for up to three days even if the peer disconnects.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker connects to a publicly accessible \u003ccode\u003elibp2p-rendezvous\u003c/code\u003e server.\u003c/li\u003e\n\u003cli\u003eAttacker sends a REGISTER request to the server for a unique namespace.\u003c/li\u003e\n\u003cli\u003eThe server\u0026rsquo;s \u003ccode\u003eRegistrations::add()\u003c/code\u003e function processes the request and adds the namespace to its internal data structures (\u003ccode\u003eregistrations_for_peer\u003c/code\u003e, \u003ccode\u003eregistrations\u003c/code\u003e, \u003ccode\u003enext_expiry\u003c/code\u003e).\u003c/li\u003e\n\u003cli\u003eThe attacker repeats steps 2 and 3 in a loop, registering thousands of unique namespaces.\u003c/li\u003e\n\u003cli\u003eThe server continues to allocate memory for each namespace registration.\u003c/li\u003e\n\u003cli\u003eDue to the \u003ccode\u003eMAX_TTL\u003c/code\u003e of 72 hours, previously registered namespaces are not removed from memory.\u003c/li\u003e\n\u003cli\u003eThe server\u0026rsquo;s memory consumption increases steadily with each registered namespace.\u003c/li\u003e\n\u003cli\u003eThe server process eventually exhausts available memory (OOM) and crashes, disrupting peer discovery services for legitimate clients.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of this vulnerability leads to a denial-of-service condition, making the \u003ccode\u003elibp2p-rendezvous\u003c/code\u003e server unavailable. Any rust-libp2p based project that deploys a rendezvous point is at risk. Since rendezvous servers are often well-known and publicly reachable, their downtime disrupts peer discovery for all clients relying on them. The impact scales with the number of attacking peers, requiring only a single connection and REGISTER requests to achieve the DoS. The affected package is \u003ccode\u003erust/libp2p-rendezvous\u003c/code\u003e versions prior to 0.17.1.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade to \u003ccode\u003erust/libp2p-rendezvous\u003c/code\u003e version 0.17.1 or later to patch CVE-2026-35405.\u003c/li\u003e\n\u003cli\u003eMonitor resource utilization (CPU, memory) of \u003ccode\u003elibp2p-rendezvous\u003c/code\u003e server processes to detect anomalous spikes indicative of a DoS attack.\u003c/li\u003e\n\u003cli\u003eImplement rate limiting on namespace registration requests from individual peers in the application layer.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-04T06:33:46Z","date_published":"2026-04-04T06:33:46Z","id":"/briefs/2026-04-libp2p-rendezvous-dos/","summary":"A vulnerable libp2p-rendezvous server can be crashed via a denial-of-service attack where an unauthenticated peer registers unlimited namespaces, leading to memory exhaustion.","title":"libp2p-rendezvous Unlimited Namespace Registration DoS","url":"https://feed.craftedsignal.io/briefs/2026-04-libp2p-rendezvous-dos/"}],"language":"en","title":"CraftedSignal Threat Feed — Rendezvous","version":"https://jsonfeed.org/version/1.1"}