Homepage

@libp2p/kad-dht@16.2.6-9eb27be79

JavaScript implementation of the Kad-DHT for libp2p

  • latest version

    16.3.0

  • latest non vulnerable version

    16.3.0

  • first published

    4 years ago

  • latest version published

    5 days ago

  • licenses detected

  • View kad-dht package health on Snyk  (opens in a new tab)
    • Go back to all versions of this package
    Report a new vulnerability Found a mistake?

    Direct Vulnerabilities

    Known vulnerabilities in the @libp2p/kad-dht package. This does not include vulnerabilities belonging to this package’s dependencies.

    Fix vulnerabilities automatically

    Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

    Fix for free
    VulnerabilityVulnerable Version
    • H
    Improper Validation of Syntactic Correctness of Input

    @libp2p/kad-dht is a JavaScript implementation of the Kad-DHT for libp2p

    Affected versions of this package are vulnerable to Improper Validation of Syntactic Correctness of Input in the verifyRecord() function that leads to the unlimited message processing since rate limits are applied only to successfully received messages. An attacker can exhaust disk storage and render the node unavailable by sending a continuous stream of crafted PUT_VALUE messages with keys that bypass content validation.

    How to fix Improper Validation of Syntactic Correctness of Input?

    Upgrade @libp2p/kad-dht to version 16.2.6 or higher.

    <16.2.6
    Go back to all versions of this package