Vulnerability	Vulnerable Version
H Missing Release of Memory after Effective Lifetime @libp2p/gossipsub is an A typescript implementation of gossipsub Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime through unbounded growth of the `topics` data structure when processing subscription requests. An attacker can exhaust system memory and cause a process crash by sending a large number of unique topic subscriptions in a single RPC frame, leading to significant heap consumption and eventual out-of-memory termination. Memory is not reclaimed even after the attacker disconnects, as empty Sets persist in the `topics` map for the lifetime of the process. How to fix Missing Release of Memory after Effective Lifetime? Upgrade `@libp2p/gossipsub` to version 15.0.23 or higher.	<15.0.23

Missing Release of Memory after Effective Lifetime

@libp2p/gossipsub is an A typescript implementation of gossipsub

Affected versions of this package are vulnerable to Missing Release of Memory after Effective Lifetime through unbounded growth of the topics data structure when processing subscription requests. An attacker can exhaust system memory and cause a process crash by sending a large number of unique topic subscriptions in a single RPC frame, leading to significant heap consumption and eventual out-of-memory termination. Memory is not reclaimed even after the attacker disconnects, as empty Sets persist in the topics map for the lifetime of the process.

How to fix Missing Release of Memory after Effective Lifetime?

Upgrade @libp2p/gossipsub to version 15.0.23 or higher.

<15.0.23

Go back to all versions of this package