CVE-2026-35457: libp2p-rendezvous Unbounded Memory Growth (HIGH)
Plattform
rust
Komponente
libp2p-rendezvous
Behoben in
0.17.1
CVE-2026-35457 is a vulnerability in `libp2p-rendezvous` where the server stores pagination cookies without bounds. An unauthenticated peer can repeatedly issue `DISCOVER` requests and force unbounded memory growth, leading to a denial of service. This issue is fixed in version 0.17.1.
So beheben
Kein offizieller Patch verfügbar. Prüfe auf Workarounds oder überwache auf Updates.
Häufig gestellte Fragen
What is CVE-2026-35457?
CVE-2026-35457 is a vulnerability in libp2p-rendezvous that allows unauthenticated peers to cause unbounded memory growth via DISCOVER requests.
Am I affected by CVE-2026-35457?
You are affected if you are using a version of libp2p-rendezvous prior to 0.17.1.
How can I fix CVE-2026-35457?
Upgrade your libp2p-rendezvous package to version 0.17.1 or later to resolve this vulnerability.
Abhängigkeiten automatisch überwachen
Werde benachrichtigt, wenn neue Schwachstellen deine Projekte betreffen. Für immer kostenlos.
Kostenlos starten