The Kademlia DHT (go-libp2p-kad-dht 0.20.0 and earlier) used in IPFS (0.18.1 and earlier) assigns routing information for content (i.e., information about who holds the content) to be stored by peers whose peer IDs have a small DHT distance from the content ID. This allows an attacker to censor content by generating many Sybil peers whose peer IDs have a small distance from the content ID, thus hijacking the content resolution process.
References
Configurations
No configuration.
History
28 Oct 2024, 13:58
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
25 Oct 2024, 20:35
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-352 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
25 Oct 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-25 16:15
Updated : 2024-10-28 13:58
NVD link : CVE-2023-26248
Mitre link : CVE-2023-26248
CVE.ORG link : CVE-2023-26248
JSON object : View
Products Affected
No product.
CWE
CWE-352
Cross-Site Request Forgery (CSRF)