CVE-2023-26248

Published: Oct 25, 2024

Modified: Oct 25, 2024

PUBLISHED

Description

The Kademlia DHT (go-libp2p-kad-dht 0.20.0 and earlier) used in IPFS (0.18.1 and earlier) assigns routing information for content (i.e., information about who holds the content) to be stored by peers whose peer IDs have a small DHT distance from the content ID. This allows an attacker to censor content by generating many Sybil peers whose peer IDs have a small distance from the content ID, thus hijacking the content resolution process.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/libp2p/go-libp2p-kad-dht

https://arxiv.org/abs/2307.12212

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-26248

Description

Affected Products

References