CVE-2023-26248

Published Oct 25, 2024

Last updated 20 days ago

CVSS medium 5.3

Overview

Description
The Kademlia DHT (go-libp2p-kad-dht 0.20.0 and earlier) used in IPFS (0.18.1 and earlier) assigns routing information for content (i.e., information about who holds the content) to be stored by peers whose peer IDs have a small DHT distance from the content ID. This allows an attacker to censor content by generating many Sybil peers whose peer IDs have a small distance from the content ID, thus hijacking the content resolution process.
Source
cve@mitre.org
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
5.3
Impact score
1.4
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Severity
MEDIUM

Weaknesses

134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-352

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2023-26248 (Published: 2024-10-25) affects the InterPlanetary File System (IPFS). Vulnerable versions are at risk! 🛡️ Ensure your systems are updated to the latest version to mitigate potential exploits. For more details, check the report: https://t.co/dXMKWpknvX… https:/

    @transilienceai

    27 Oct 2024

    14 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 CVE-2023-26248 (Published: 2024-10-25) affects the InterPlanetary File System (IPFS). This high-severity vulnerability impacts specific versions. To mitigate risks, ensure you update to the latest version and follow recommended security practices. Stay safe! 🔒 More info:… htt

    @transilienceai

    27 Oct 2024

    16 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 CVE-2023-26248 (Published: 2024-10-25) affects Protocol Labs Inc. nan. This vulnerability impacts specific versions of go-libp2p-kad-dht. Users are urged to update to the latest version to mitigate risks. Stay secure! 🔒 For more info: https://t.co/UG6Xc0P0Y4 #CyberSecurity… h

    @transilienceai

    26 Oct 2024

    29 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 CVE-2023-26248 (Published: 2024-10-25) affects the InterPlanetary File System (IPFS). Vulnerable versions are at risk! 🔒 Ensure your systems are updated to the latest release to mitigate potential exploits. For detailed insights, check out the research:… https://t.co/wy2U8bsW

    @transilienceai

    26 Oct 2024

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. CVE-2023-26248 The Kademlia DHT (go-libp2p-kad-dht 0.20.0 and earlier) used in I... https://t.co/PzGC380EAT Vulnerability Alert Subscriptions: https://t.co/hrQhy5uz4x

    @VulmonFeeds

    26 Oct 2024

    31 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. CVE-2023-26248 The Kademlia DHT (go-libp2p-kad-dht 0.20.0 and earlier) used in IPFS (0.18.1 and earlier) assigns routing information for content (i.e., information about who holds t… https://t.co/U8Mjw3gqN4

    @CVEnew

    25 Oct 2024

    211 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References