CVE-2026-35405Allocation of Resources Without Limits or Throttling in Rust-libp2p

CWE-770Allocation of Resources Without Limits or Throttling230 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.1%
top 83.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Libp2p Rust-libp2p
Timeline
Latest updateApr 4
PublishedApr 7

Description

libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, libp2p-rendezvous server has no limit on how many namespaces a single peer can register. A malicious peer can just keep registering unique namespaces in a loop and the server happily accepts every single one allocating memory for each registration with no pushback. Keep doing this long enough (or with multiple sybil peers) and the server process gets OOM killed. This vulnerability is fixed i

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

CVEListV5libp2p/rust-libp2p< 0.17.1

🔴Vulnerability Details

2
GHSA
libp2p-rendezvous: Unlimited namespace registrations per peer enables OOM DoS on rendezvous servers2026-04-04
OSV
libp2p-rendezvous: Unlimited namespace registrations per peer enables OOM DoS on rendezvous servers2026-04-04

🕵️Threat Intelligence

227
Wiz
GHSA-725g-w329-g7qr Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-32829 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
RUSTSEC-2026-0080 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-32129 Impact, Exploitability, and Mitigation Steps | Wiz
Wiz
CVE-2026-2833 Impact, Exploitability, and Mitigation Steps | Wiz