CVE-2019-15545

Name of the Vulnerable Software and Affected Versions libp2p-core crate versions prior to 0.8.1

Description An issue in the libp2p-core crate allows attackers to spoof ed25519 signatures. The affected versions did not properly verify ed25519 signatures, considering any signature with a correct length as valid. This enables an attacker to impersonate any node identity.

Recommendations For versions prior to 0.8.1, update to version 0.8.1 or later to resolve the issue. As a temporary workaround, consider implementing additional signature verification measures to prevent impersonation attacks. Restrict access to sensitive node identities until the update is applied.