I2P · I2P · CVE-2023-36325
**Name of the Vulnerable Software and Affected Versions**
I2P versions prior to 2.3.0
**Description**
The issue allows de-anonymizing the public IPv4 and IPv6 addresses of I2P hidden services (aka eepsites) via a correlation attack across those addresses, which occurs when a tunneled, replayed message has a behavior discrepancy. An attack would take days to complete.
**Recommendations**
Upgrade to I2P version 2.3.0 to mitigate the issue. As a temporary workaround, consider restricting the use of tunneled and replayed messages to minimize the risk of exploitation.