Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
- Snyk ID SNYK-RUST-LIBP2PCORE-2929004
- published 17 Jun 2022
- disclosed 17 Jun 2022
- credit Unknown
Introduced: 17 Jun 2022CVE NOT AVAILABLE CWE-310 Open this link in a new tab
How to fix?
libp2p-core to version 0.30.2 or higher.
libp2p-core is a rust implementation of libp2p networking stack.
Affected versions of this package are vulnerable to Cryptographic Issues due to a failure to verify the public key of a
SignedEnvelope against the
PeerId in a
PeerRecord, it leads to any combination being considered valid.
Exploiting this vulnerability makes it possible for an attacker to republish an existing
PeerRecord with a different