Unknown · Nimiq/Core-Rs-Albatross · CVE-2025-47270
**Name of the Vulnerable Software and Affected Versions**
nimiq/core-rs-albatross versions prior to 1.1.0
**Description**
The issue is an uncontrolled memory allocation in the `nimiq-network-libp2p` subcrate of nimiq/core-rs-albatross, which can lead to a Denial of Service (DoS). Specifically, the handler for `Discovery` network messages allocates a buffer based on a length value provided by the peer, without enforcing an upper bound. A peer can trigger allocations of up to 4 GB, potentially leading to memory exhaustion and node crashes. Because Discovery messages are exchanged regularly for peer discovery, the issue can be exploited repeatedly.
**Recommendations**
For versions prior to 1.1.0, update to version 1.1.0, which limits the discovery message size to 1 MB and grows the message buffer incrementally as the data is read. As a temporary workaround, consider restricting the `Discovery` message handling to minimize the risk of exploitation.
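
The two mitigations named above (a 1 MB cap and incremental buffer growth) can be sketched as follows. This is an added example, not code from nimiq/core-rs-albatross; the framing (a 4-byte big-endian length prefix), the `CHUNK` growth step and all function names are assumptions made for illustration.

```rust
use std::io::{self, Cursor, Read};

/// Upper bound on one message body: 1 MB, the limit named in the fix.
const MAX_MESSAGE_SIZE: usize = 1024 * 1024;
/// Growth step for the buffer (hypothetical value chosen for this example).
const CHUNK: usize = 16 * 1024;

/// Reads one frame into `buf`. Assumed framing: u32 big-endian length, then body.
fn read_frame_into<R: Read>(r: &mut R, buf: &mut Vec<u8>) -> io::Result<()> {
    let mut len_bytes = [0u8; 4];
    r.read_exact(&mut len_bytes)?;
    let len = u32::from_be_bytes(len_bytes) as usize;
    // Reject the peer-supplied length before any allocation depends on it.
    if len > MAX_MESSAGE_SIZE {
        return Err(io::Error::new(io::ErrorKind::InvalidData, "frame too large"));
    }
    buf.clear();
    // Grow only as bytes actually arrive, so allocation tracks the data
    // received rather than the length the peer announced.
    while buf.len() < len {
        let start = buf.len();
        let want = CHUNK.min(len - start);
        buf.resize(start + want, 0);
        r.read_exact(&mut buf[start..])?;
    }
    Ok(())
}

/// Builds a constructed sample frame whose prefix announces `claimed` bytes.
fn frame(claimed: u32, body: &[u8]) -> Vec<u8> {
    let mut f = claimed.to_be_bytes().to_vec();
    f.extend_from_slice(body);
    f
}

fn main() {
    // Constructed inputs: an honest frame, a 4 GB claim, a truncated 1 MB claim.
    let cases = vec![
        ("honest", frame(5, b"hello")),
        ("4 GB claim", frame(u32::MAX, b"")),
        ("1 MB claim, 3 bytes sent", frame(1024 * 1024, b"abc")),
    ];
    for (name, bytes) in cases {
        let mut buf = Vec::new();
        let res = read_frame_into(&mut Cursor::new(bytes), &mut buf);
        println!("{}: {:?}, buffer capacity {}", name, res, buf.capacity());
    }
}
```

The size check alone still lets each connection reserve the full 1 MB on announcement; growing the buffer as bytes arrive keeps a stalled or truncated message from holding more memory than the peer actually sent.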