PT-2023-27609 · Veilid · Veilid

Published 2023-08-20 · Updated 2023-08-25 · CVE-2023-40711

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Veilid versions prior to 0.1.9

Description

The issue allows remote attackers to cause a denial of service (out-of-memory abort) via crafted packet data. The cause is a missing size check on uncompressed data during decompression upon an envelope receipt. The issue was exploited in the wild in August 2023.

Recommendations

For versions prior to 0.1.9, update to version 0.1.9 or later to resolve the issue. As a temporary workaround, consider restricting the receipt of envelope data to trusted sources until a patch is applied.
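
The missing check named in the description, sketched as an added example (not Veilid's code and not taken from the fix): a decoder for a constructed size-prefixed run-length format that caps the declared uncompressed size before allocating and bounds the expansion while decoding. The wire format, `decompress_bounded`, `DecodeError` and the `MAX_UNCOMPRESSED` value are assumptions made for illustration.

```rust
// Added example: constructed wire format, NOT Veilid's real envelope encoding.
// Layout: [declared_len: u32 LE][(run_len: u8, byte: u8) ...]
#[derive(Debug, PartialEq)]
pub enum DecodeError {
    Truncated,
    TooLarge { declared: usize, limit: usize },
    Overrun,
    LengthMismatch,
}

// Hypothetical cap; a real limit should follow from the protocol's maximum message size.
pub const MAX_UNCOMPRESSED: usize = 64 * 1024;

pub fn decompress_bounded(input: &[u8], limit: usize) -> Result<Vec<u8>, DecodeError> {
    if input.len() < 4 {
        return Err(DecodeError::Truncated);
    }
    let (header, body) = input.split_at(4);
    let declared = u32::from_le_bytes([header[0], header[1], header[2], header[3]]) as usize;
    // Check 1: reject the sender-controlled size before any allocation happens.
    if declared > limit {
        return Err(DecodeError::TooLarge { declared, limit });
    }
    if body.len() % 2 != 0 {
        return Err(DecodeError::Truncated);
    }
    let mut out = Vec::with_capacity(declared);
    for pair in body.chunks_exact(2) {
        let run = pair[0] as usize;
        // Check 2: the header may understate the size, so bound the expansion too.
        if out.len() + run > declared {
            return Err(DecodeError::Overrun);
        }
        out.resize(out.len() + run, pair[1]);
    }
    // Check 3: output must match the declared length exactly.
    if out.len() != declared {
        return Err(DecodeError::LengthMismatch);
    }
    Ok(out)
}

fn main() {
    // Constructed inputs: a valid 5-byte message and a 6-byte packet declaring ~4 GiB.
    let ok = [5, 0, 0, 0, 3, b'a', 2, b'b'];
    let oversized = [0xff, 0xff, 0xff, 0xff, 255, 0];
    println!("{:?}", decompress_bounded(&ok, MAX_UNCOMPRESSED));
    println!("{:?}", decompress_bounded(&oversized, MAX_UNCOMPRESSED));
}
```
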

Fix

Memory Corruption

Weakness Enumeration

Related Identifiers

CVE-2023-40711

Affected Products

Veilid