CVE-2026-35457 — Allocation of Resources Without Limits or Throttling in Rust-libp2p

CWE-770 — Allocation of Resources Without Limits or Throttling230 documents4 sources

Severity

8.2HIGHNVD

EPSS

0.1%

top 83.69%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Libp2p Rust-libp2p

Timeline

Latest updateApr 4

PublishedApr 7

Description

libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, the rendezvous server stores pagination cookies without bounds. An unauthenticated peer can repeatedly issue DISCOVER requests and force unbounded memory growth. This vulnerability is fixed in 0.17.1.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:HExploitability: 3.9 | Impact: 4.2

Affected Packages1 packages

▶CVEListV5libp2p/rust-libp2p< 0.17.1

🔴Vulnerability Details

GHSA

libp2p-rendezvous: Unbounded rendezvous DISCOVER cookies enable remote memory exhaustion↗2026-04-04

▶

OSV

libp2p-rendezvous: Unbounded rendezvous DISCOVER cookies enable remote memory exhaustion↗2026-04-04

▶

🕵️Threat Intelligence

227

Wiz

GHSA-725g-w329-g7qr Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-32829 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

RUSTSEC-2026-0080 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-32129 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶

Wiz

CVE-2026-2833 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶