PT-2022-28072 · Gossipsub · Gossipsub

Published: 2022-12-19 · Updated: 2023-01-04 · CVE-2022-47547

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

GossipSub version 1.1

Description

The issue allows a peer to maintain a positive score and remain in the network despite continuously misbehaving by not forwarding topic messages. This affects GossipSub 1.1 as used for Ethereum 2.0.

Recommendations

For GossipSub version 1.1, consider implementing additional checks to ensure peers that do not forward topic messages are properly penalized and potentially pruned from the network. As a temporary workaround, consider restricting the ability of peers to maintain a positive score if they are not contributing to the network by forwarding messages. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
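
One way to carry out the additional check recommended above, as an added example that is not part of this advisory or of any GossipSub implementation: a Python audit over a simplified subset of the GossipSub v1.1 per-topic score (P1 time in mesh, P2 first message deliveries, P3 mesh delivery deficit). Topic names, weights and counters are constructed, and `silent_peer_score`, `audit` and `flag_silent` are hypothetical helper names.

```python
from dataclasses import dataclass

@dataclass
class TopicParams:            # values used below are constructed, not Ethereum's
    weight: float             # topic weight
    w1: float                 # P1 weight, time in mesh (positive)
    p1_cap: float             # cap on P1
    w2: float                 # P2 weight, first message deliveries (positive)
    w3: float                 # P3 weight, mesh delivery deficit (negative)
    p3_threshold: float       # deliveries expected from a mesh peer

@dataclass
class Counters:
    time_in_mesh: float
    first_deliveries: float
    mesh_deliveries: float

def topic_score(p, c):
    """Simplified per-topic score: P1 + P2 + P3 only (no P2 cap, no P3b/P4)."""
    p1 = min(c.time_in_mesh, p.p1_cap)
    deficit = max(0.0, p.p3_threshold - c.mesh_deliveries)
    return p.weight * (p.w1 * p1 + p.w2 * c.first_deliveries + p.w3 * deficit ** 2)

def silent_peer_score(p):
    """Highest score a peer can hold in a topic while forwarding nothing."""
    return topic_score(p, Counters(p.p1_cap, 0.0, 0.0))

def audit(params):
    """Topics whose parameters leave a non-forwarding mesh peer at score >= 0."""
    return sorted(t for t, p in params.items() if silent_peer_score(p) >= 0)

def flag_silent(params, peers):
    """(peer, topic) pairs with zero mesh deliveries but a non-negative total score."""
    out = []
    for peer, topics in peers.items():
        total = sum(topic_score(params[t], c) for t, c in topics.items())
        out += [(peer, t) for t, c in topics.items()
                if c.mesh_deliveries == 0 and total >= 0]
    return sorted(out)

PARAMS = {  # constructed
    "topic_a": TopicParams(1.0, 0.5, 100.0, 1.0, -0.01, 10.0),
    "topic_b": TopicParams(1.0, 0.01, 100.0, 1.0, -1.0, 10.0),
}
PEERS = {  # constructed counters after a long observation window
    "peer1": {"topic_a": Counters(100.0, 0.0, 0.0)},
    "peer2": {"topic_a": Counters(100.0, 5.0, 12.0)},
}

if __name__ == "__main__":
    print(audit(PARAMS), flag_silent(PARAMS, PEERS))
```

In this simplified model, a topic returned by `audit` is one where the capped time-in-mesh credit outweighs the largest delivery-deficit penalty, so the deficit alone never drives the score negative.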

Exploit

Improper Preservation of Permissions

Weakness Enumeration

Related Identifiers

CVE-2022-47547

Affected Products

Gossipsub