PT-2022-16020 · Unknown · Libp2P-Rust

P-Shahi · Published 2022-07-12 · Updated 2023-07-14 · CVE-2022-23486

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerable software and affected versions: libp2p-rust versions prior to 0.45.1

Description: An attacker node can cause a victim node to allocate a large number of small memory chunks. Because the victim does not bound these allocations, its process eventually runs out of memory and is killed by the operating system, which is a denial of service. Run against many nodes at once, the attack can disrupt a whole libp2p-based network.

Recommendations: Upgrade to libp2p v0.45.1 or later. Users who cannot upgrade should consult the libp2p DoS Mitigation page for strategies to limit the resources a remote peer can consume, monitor the application, and respond to an attack.
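The weakness class behind this advisory (memory allocated on behalf of a remote peer with no limit) and the shape of the mitigation the recommendations point at (per-peer and node-wide resource limits), shown side by side in a small self-contained Rust illustration. This is an added example, not code from rust-libp2p or from the advisory: the frame handling, the peer ids, the `UnboundedReceiver` and `BoundedReceiver` types and the limit values (256 pending chunks per peer, 64 KiB buffered in total) are constructed for the example and do not describe the actual vulnerable code path or the fix shipped in 0.45.1.

```rust
// Added illustration (not rust-libp2p code): an inbound buffer with no limit
// beside one with per-peer and node-wide limits. Frame format, peer ids and
// limit values are constructed for the example and do not mirror the real
// vulnerable code path or the 0.45.1 fix.

use std::collections::{HashMap, HashSet};

/// Outcome of offering one inbound frame to a receiver.
#[derive(Debug, PartialEq, Eq, Clone, Copy)]
pub enum Verdict {
    Accepted,
    /// Peer exceeded its budget; it was disconnected and its buffers freed.
    PeerDisconnected,
    /// Node-wide byte budget exhausted; frame dropped, peer kept.
    Dropped,
}

/// Vulnerable shape: every frame from every peer is retained as its own heap
/// allocation, so a remote peer decides how much memory this node uses.
#[derive(Default)]
pub struct UnboundedReceiver {
    pending: HashMap<u64, Vec<Vec<u8>>>,
}

impl UnboundedReceiver {
    pub fn on_frame(&mut self, peer: u64, frame: Vec<u8>) -> Verdict {
        self.pending.entry(peer).or_default().push(frame);
        Verdict::Accepted
    }

    /// Number of separately allocated chunks currently held.
    pub fn chunks(&self) -> usize {
        self.pending.values().map(Vec::len).sum()
    }
}

/// Hardened shape: a cap on pending chunks per peer plus a cap on buffered
/// bytes for the whole node. A peer that overruns its cap is disconnected and
/// everything it made us allocate is released, so it cannot starve others.
pub struct BoundedReceiver {
    max_pending_per_peer: usize,
    max_total_bytes: usize,
    total_bytes: usize,
    pending: HashMap<u64, Vec<Vec<u8>>>,
    disconnected: HashSet<u64>,
}

impl BoundedReceiver {
    pub fn new(max_pending_per_peer: usize, max_total_bytes: usize) -> Self {
        Self { max_pending_per_peer, max_total_bytes, total_bytes: 0,
               pending: HashMap::new(), disconnected: HashSet::new() }
    }

    pub fn on_frame(&mut self, peer: u64, frame: Vec<u8>) -> Verdict {
        if self.disconnected.contains(&peer) {
            return Verdict::PeerDisconnected;
        }
        let held = self.pending.get(&peer).map_or(0, Vec::len);
        if held >= self.max_pending_per_peer {
            // Cut the peer off and give back every chunk it had us hold.
            if let Some(frames) = self.pending.remove(&peer) {
                self.total_bytes -= frames.iter().map(Vec::len).sum::<usize>();
            }
            self.disconnected.insert(peer);
            return Verdict::PeerDisconnected;
        }
        if self.total_bytes + frame.len() > self.max_total_bytes {
            return Verdict::Dropped;
        }
        self.total_bytes += frame.len();
        self.pending.entry(peer).or_default().push(frame);
        Verdict::Accepted
    }

    pub fn chunks(&self) -> usize {
        self.pending.values().map(Vec::len).sum()
    }

    pub fn is_disconnected(&self, peer: u64) -> bool {
        self.disconnected.contains(&peer)
    }
}

/// Constructed scenario: one attacker streams `attacker_frames` one-byte
/// frames, then a legitimate peer sends ten ordinary frames. Returns the chunk
/// count held by each receiver and whether the legitimate traffic was fully
/// accepted by the bounded one.
pub fn simulate(attacker_frames: usize) -> (usize, usize, bool) {
    const ATTACKER: u64 = 1;
    const LEGIT: u64 = 2;
    let mut unbounded = UnboundedReceiver::default();
    let mut bounded = BoundedReceiver::new(256, 64 * 1024);
    for _ in 0..attacker_frames {
        unbounded.on_frame(ATTACKER, vec![0]);
        bounded.on_frame(ATTACKER, vec![0]);
    }
    let mut legit_ok = true;
    for _ in 0..10 {
        unbounded.on_frame(LEGIT, vec![1; 100]);
        legit_ok &= bounded.on_frame(LEGIT, vec![1; 100]) == Verdict::Accepted;
    }
    (unbounded.chunks(), bounded.chunks(), legit_ok)
}

fn main() {
    let (unbounded, bounded, legit_ok) = simulate(100_000);
    println!("unbounded receiver holds {unbounded} chunks");
    println!("bounded receiver holds {bounded} chunks; legitimate peer ok: {legit_ok}");
}
```

The bounded variant releases everything the offending peer made the node hold at the moment it is cut off. A cap that merely stops accepting new frames while keeping the old ones still lets an attacker pin memory by reconnecting in a loop, so in practice a per-peer budget is paired with limits on how many connections a peer may open, which is the kind of control the DoS Mitigation page describes.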

Weakness Enumeration

Resource Exhaustion (CWE-400)
Allocation of Resources Without Limits or Throttling (CWE-770)

Related Identifiers

CVE-2022-23486
GHSA-jvgw-gccv-q5p8
RUSTSEC-2022-0084

Affected Products

Libp2P-Rust