Failuresmith

Name of the Vulnerable Software and Affected Versions libp2p-rendezvous (affected versions not specified) Description The rendezvous server stores pagination cookies without bounds, leading to unbounded memory growth. An unauthenticated peer can repeatedly issue `DISCOVER` requests to exploit this issue. The vulnerability results in remote state amplification and potential memory exhaustion. The affected component uses a `HashMap<Cookie, HashSet<RegistrationId>>` to store pagination state. The `handle request` function processes `Message::Discover` requests, generating new cookies and inserting them into the `Registrations::cookies` map without any upper bound or eviction policy. This allows an attacker to repeatedly request discovery, causing the map to grow indefinitely. The vulnerability is network reachable, requires no authentication, has low attack complexity, and uses protocol-compliant traffic. Recommendations 1. Implement a global cap and eviction policy, bounding cookie storage with a `MAX COOKIES TRACKED` limit and using FIFO or expiry-aware eviction. 2. Encode pagination state in authenticated cookies instead of storing server-side state. 3. Implement rate limiting or per-peer quotas to limit cookie creation per peer.