CVE-2025-29606Allocation of Resources Without Limits or Throttling in Py-libp2p

CWE-770Allocation of Resources Without Limits or Throttling3 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 73.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Libp2p Py-libp2pProtocol Libp2p
Timeline
PublishedJul 14

Description

py-libp2p before 0.2.3 allows a peer to cause a denial of service (resource consumption) via a large RSA key.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

PyPIprotocol/libp2p< 0.2.3
CVEListV5libp2p/py-libp2p< 0.2.3

🔴Vulnerability Details

2
OSV
py-libp2p is vulnerable to DoS attacks through use of large RSA keys2025-07-14
GHSA
py-libp2p is vulnerable to DoS attacks through use of large RSA keys2025-07-14
CVE-2025-29606 — Libp2p Py-libp2p vulnerability | cvebase