Vendor
medium
threat
js-libp2p Gossipsub Memory Exhaustion via Subscription Flood
1 rule 2 TTPs
A memory exhaustion vulnerability exists in `@libp2p/gossipsub` due to unbounded subscription handling, allowing a single attacker to exhaust a Node.js heap by flooding unique topic subscriptions, leading to denial-of-service.
js-libp2p +1
dos
memory-exhaustion
libp2p
medium
threat
@libp2p/kad-dht Unvalidated PUT_VALUE Records Allow Unbounded Disk Exhaustion
2 rules 2 TTPs
An unauthenticated remote peer can exhaust the disk storage of any `@libp2p/kad-dht` node running in server mode by sending an unbounded stream of `PUT_VALUE` messages with keys crafted to bypass validation.
@libp2p/kad-dht
libp2p
kad-dht
denial-of-service
disk-exhaustion