Description
Versions of js-libp2p older than v0.38.0 are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p's connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory, ultimately leading to the process getting killed by the host's operating system.
Recommendation
Update the libp2p package to the latest compatible version. Version details:
- Affected version(s): < 0.38.0
- Patched version(s): 0.38.0
Tags: npm, libp2p
Last updated on July 14, 2023