github.com/libp2p/go-libp2p vulnerabilities

3 known vulnerabilities affecting github.com/libp2p/go-libp2p.

Total CVEs: 3
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3

Vulnerabilities

CVE-2023-40583 | HIGH | CWE-400 | Affected versions: >= 0, < 0.27.4 | Published: 2023-08-24
libp2p nodes vulnerable to OOM attack

Summary: In go-libp2p, by using signed peer records a malicious actor can store an arbitrary amount of data in a remote node's memory. This memory does not get garbage collected and so the victim can run out of memory and crash. It is feasible to do this at scale. An attacker would have to transfer ~1/2 as much memory as it wants to occupy (2x amplification factor). The attacker can perfo
CVE-2023-39533 | HIGH | CWE-770 | Affected versions: >= 0, < 0.27.8; >= 0.28.0, < 0.28.2; +1 more | Published: 2023-08-09
libp2p nodes vulnerable to attack using large RSA keys

Impact: A malicious peer can use large RSA keys to run a resource exhaustion attack and force a node to spend time doing signature verification of the large key. This vulnerability is present in the core/crypto module of go-libp2p and can occur during the Noise handshake and the libp2p x509 extension verification step. To prevent this attack, go-libp2p now
CVE-2022-23492 | HIGH | CWE-400 | Affected versions: >= 0, < 0.18.0 | Published: 2022-12-07
libp2p DoS vulnerability from lack of resource management

Impact: Versions older than `v0.18.0` of go-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p's connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory, ultimately leading to the process getting killed by the host's operating system. While a connection