{"id":"CVE-2022-23486","summary":"libp2p-rust denial of service vulnerability from lack of resource management","details":"libp2p-rust is the official rust language Implementation of the libp2p networking stack. In versions prior to 0.45.1 an attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim’s process running out of memory and thus getting killed by its operating system. When executed continuously, this can lead to a denial of service attack, especially relevant on a larger scale when run against more than one node of a libp2p based network. Users are advised to upgrade to `libp2p` `v0.45.1` or above. Users unable to upgrade should reference the DoS Mitigation page for more information on how to incorporate mitigation strategies, monitor their application, and respond to attacks: https://docs.libp2p.io/reference/dos-mitigation/.","aliases":["GHSA-jvgw-gccv-q5p8","RUSTSEC-2022-0084"],"modified":"2026-04-16T04:04:01.132570Z","published":"2022-12-07T20:03:35.212Z","database_specific":{"cwe_ids":["CWE-400"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23486.json","cna_assigner":"GitHub_M"},"references":[{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/23xxx/CVE-2022-23486.json"},{"type":"ADVISORY","url":"https://github.com/libp2p/rust-libp2p/security/advisories/GHSA-jvgw-gccv-q5p8"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2022-23486"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/libp2p/rust-libp2p","events":[{"introduced":"0"},{"fixed":"802d00e645894d8895f2f9f665b921452d992b86"}]}],"versions":["0.13.2","libp2p-autonat-0.1.0","libp2p-autonat-0.2.0","libp2p-autonat-0.3.0","libp2p-autonat-0.4.0","libp2p-core-0.19.2","libp2p-core-0.20.0","libp2p-core-0.20.1","libp2p-core-0.21.0","libp2p-core-0.22.0","libp2p-core-0.22.1","libp2p-core-0.23.0","libp2p-core-0.23.1","libp2p-core-0.24.0","libp2p-core-0.25.0","libp2p-core-0.25.1","libp2p-core-0.25.2","libp2p-core-0.26.0","libp2p-core-0.27.0","libp2p-core-0.27.1","libp2p-core-0.28.0","libp2p-core-0.28.1","libp2p-core-0.28.2","libp2p-core-0.28.3","libp2p-core-0.29.0","libp2p-core-0.30.0-rc.1","libp2p-core-0.30.0-rc.2","libp2p-core-0.31.0","libp2p-core-0.32.0","libp2p-core-0.32.1","libp2p-core-0.33.0","libp2p-core-derive-0.20.0","libp2p-core-derive-0.20.1","libp2p-core-derive-0.20.2","libp2p-core-derive-0.21.0","libp2p-dcutr-0.1.0","libp2p-dcutr-0.2.0","libp2p-dcutr-0.3.0","libp2p-deflate-0.19.2","libp2p-deflate-0.20.0","libp2p-deflate-0.21.0","libp2p-deflate-0.22.0","libp2p-deflate-0.23.0","libp2p-deflate-0.24.0","libp2p-deflate-0.25.0","libp2p-deflate-0.26.0","libp2p-deflate-0.27.0","libp2p-deflate-0.27.1","libp2p-deflate-0.28.0","libp2p-deflate-0.29.0","libp2p-deflate-0.30.0-rc.1","libp2p-deflate-0.31.0","libp2p-deflate-0.32.0","libp2p-deflate-0.33.0","libp2p-dns-0.20.0","libp2p-dns-0.21.0","libp2p-dns-0.22.0","libp2p-dns-0.23.0","libp2p-dns-0.24.0","libp2p-dns-0.25.0","libp2p-dns-0.26.0","libp2p-dns-0.27.0","libp2p-dns-0.28.0","libp2p-dns-0.28.1","libp2p-dns-0.29.0","libp2p-dns-0.30.0-rc.1","libp2p-dns-0.31.0","libp2p-dns-0.32.0","libp2p-dns-0.32.1","libp2p-dns-0.33.0","libp2p-floodsub-0.19.1","libp2p-floodsub-0.20.0","libp2p-floodsub-0.21.0","libp2p-floodsub-0.22.0","libp2p-floodsub-0.23.0","libp2p-floodsub-0.24.0","libp2p-floodsub-0.25.0","libp2p-floodsub-0.26.0","libp2p-floodsub-0.27.0","libp2p-floodsub-0.28.0","libp2p-floodsub-0.29.0","libp2p-floodsub-0.30.0","libp2p-floodsub-0.31.0-rc.1","libp2p-floodsub-0.32.0","libp2p-floodsub-0.33.0","libp2p-floodsub-0.34.0","libp2p-floodsub-0.35.0","libp2p-floodsub-0.36.0","libp2p-gossipsub-0.19.2","libp2p-gossipsub-0.19.3","libp2p-gossipsub-0.20.0","libp2p-gossipsub-0.21.0","libp2p-gossipsub-0.22.0","libp2p-gossipsub-0.23.0","libp2p-gossipsub-0.24.0","libp2p-gossipsub-0.25.0","libp2p-gossipsub-0.26.0","libp2p-gossipsub-0.27.0","libp2p-gossipsub-0.28.0","libp2p-gossipsub-0.29.0","libp2p-gossipsub-0.30.0","libp2p-gossipsub-0.30.1","libp2p-gossipsub-0.31.0","libp2p-gossipsub-0.32.0","libp2p-gossipsub-0.33.0-rc.1","libp2p-gossipsub-0.34.0","libp2p-gossipsub-0.35.0","libp2p-gossipsub-0.36.0","libp2p-gossipsub-0.37.0","libp2p-gossipsub-0.38.0","libp2p-identify-0.19.2","libp2p-identify-0.20.0","libp2p-identify-0.21.0","libp2p-identify-0.22.0","libp2p-identify-0.23.0","libp2p-identify-0.24.0","libp2p-identify-0.25.0","libp2p-identify-0.26.0","libp2p-identify-0.27.0","libp2p-identify-0.28.0","libp2p-identify-0.29.0","libp2p-identify-0.30.0","libp2p-identify-0.31.0-rc.1","libp2p-identify-0.31.0-rc.2","libp2p-identify-0.32.0","libp2p-identify-0.33.0","libp2p-identify-0.34.0","libp2p-identify-0.35.0","libp2p-identify-0.36.0","libp2p-kad-0.20.0","libp2p-kad-0.20.1","libp2p-kad-0.21.0","libp2p-kad-0.22.0","libp2p-kad-0.22.1","libp2p-kad-0.23.0","libp2p-kad-0.24.0","libp2p-kad-0.25.0","libp2p-kad-0.26.0","libp2p-kad-0.27.0","libp2p-kad-0.28.0","libp2p-kad-0.28.1","libp2p-kad-0.29.0","libp2p-kad-0.30.0","libp2p-kad-0.31.0","libp2p-kad-0.32.0-rc.1","libp2p-kad-0.32.0-rc.2","libp2p-kad-0.33.0","libp2p-kad-0.34.0","libp2p-kad-0.35.0","libp2p-kad-0.36.0","libp2p-kad-0.37.0","libp2p-kad-v0.27.1","libp2p-mdns-0.19.2","libp2p-mdns-0.20.0","libp2p-mdns-0.21.0","libp2p-mdns-0.22.0","libp2p-mdns-0.23.0","libp2p-mdns-0.24.0","libp2p-mdns-0.25.0","libp2p-mdns-0.26.0","libp2p-mdns-0.27.0","libp2p-mdns-0.28.0","libp2p-mdns-0.28.1","libp2p-mdns-0.29.0","libp2p-mdns-0.30.0","libp2p-mdns-0.30.1","libp2p-mdns-0.30.2","libp2p-mdns-0.31.0","libp2p-mdns-0.32.0-rc.1","libp2p-mdns-0.33.0","libp2p-mdns-0.34.0","libp2p-mdns-0.35.0","libp2p-mdns-0.36.0","libp2p-mdns-0.37.0","libp2p-metrics-0.1.0-rc.1","libp2p-metrics-0.2.0","libp2p-metrics-0.3.0","libp2p-metrics-0.4.0","libp2p-metrics-0.5.0","libp2p-metrics-0.6.0","libp2p-mplex-0.19.2","libp2p-mplex-0.20.0","libp2p-mplex-0.21.0","libp2p-mplex-0.22.0","libp2p-mplex-0.23.0","libp2p-mplex-0.23.1","libp2p-mplex-0.24.0","libp2p-mplex-0.25.0","libp2p-mplex-0.26.0","libp2p-mplex-0.27.0","libp2p-mplex-0.27.1","libp2p-mplex-0.28.0","libp2p-mplex-0.29.0","libp2p-mplex-0.30.0-rc.1","libp2p-mplex-0.31.0","libp2p-mplex-0.32.0","libp2p-mplex-0.33.0","libp2p-noise-0.19.1","libp2p-noise-0.20.0","libp2p-noise-0.21.0","libp2p-noise-0.22.0","libp2p-noise-0.23.0","libp2p-noise-0.24.0","libp2p-noise-0.25.0","libp2p-noise-0.26.0","libp2p-noise-0.27.0","libp2p-noise-0.28.0","libp2p-noise-0.29.0","libp2p-noise-0.30.0","libp2p-noise-0.31.0","libp2p-noise-0.32.0","libp2p-noise-0.33.0-rc.1","libp2p-noise-0.34.0","libp2p-noise-0.35.0","libp2p-noise-0.36.0","libp2p-ping-0.19.3","libp2p-ping-0.20.0","libp2p-ping-0.21.0","libp2p-ping-0.22.0","libp2p-ping-0.23.0","libp2p-ping-0.24.0","libp2p-ping-0.25.0","libp2p-ping-0.26.0","libp2p-ping-0.27.0","libp2p-ping-0.28.0","libp2p-ping-0.29.0","libp2p-ping-0.30.0","libp2p-ping-0.31.0-rc.1","libp2p-ping-0.32.0","libp2p-ping-0.33.0","libp2p-ping-0.34.0","libp2p-ping-0.35.0","libp2p-ping-0.36.0","libp2p-ping-v0.19.2","libp2p-plaintext-0.19.1","libp2p-plaintext-0.20.0","libp2p-plaintext-0.21.0","libp2p-plaintext-0.22.0","libp2p-plaintext-0.23.0","libp2p-plaintext-0.24.0","libp2p-plaintext-0.24.1","libp2p-plaintext-0.25.0","libp2p-plaintext-0.26.0","libp2p-plaintext-0.27.0","libp2p-plaintext-0.27.1","libp2p-plaintext-0.28.0","libp2p-plaintext-0.29.0","libp2p-plaintext-0.30.0-rc.1","libp2p-plaintext-0.31.0","libp2p-plaintext-0.32.0","libp2p-plaintext-0.33.0","libp2p-pnet-0.19.1","libp2p-pnet-0.20.0","libp2p-pnet-0.21.0","libp2p-pnet-0.22.0-rc.1","libp2p-pnet-0.29.2","libp2p-relay-0.1.0","libp2p-relay-0.2.0","libp2p-relay-0.3.0","libp2p-relay-0.4.0-rc.1","libp2p-relay-0.5.0","libp2p-relay-0.6.0","libp2p-relay-0.6.1","libp2p-relay-0.7.0","libp2p-relay-0.8.0","libp2p-relay-0.9.0","libp2p-rendezvous-0.1.0-rc.1","libp2p-rendezvous-0.2.0","libp2p-rendezvous-0.3.0","libp2p-rendezvous-0.4.0","libp2p-rendezvous-0.5.0","libp2p-rendezvous-0.6.0","libp2p-request-response-0.1.1","libp2p-request-response-0.10.0","libp2p-request-response-0.11.0","libp2p-request-response-0.12.0","libp2p-request-response-0.13.0-rc.1","libp2p-request-response-0.14.0","libp2p-request-response-0.15.0","libp2p-request-response-0.16.0","libp2p-request-response-0.17.0","libp2p-request-response-0.18.0","libp2p-request-response-0.2.0","libp2p-request-response-0.3.0","libp2p-request-response-0.4.0","libp2p-request-response-0.5.0","libp2p-request-response-0.6.0","libp2p-request-response-0.7.0","libp2p-request-response-0.8.0","libp2p-request-response-0.9.0","libp2p-request-response-0.9.1","libp2p-secio-0.19.2","libp2p-secio-0.20.0","libp2p-secio-0.21.0","libp2p-secio-0.22.0","libp2p-secio-0.23.0","libp2p-secio-0.24.0","libp2p-secio-0.25.0","libp2p-secio-0.26.0","libp2p-swarm-0.19.1","libp2p-swarm-0.20.0","libp2p-swarm-0.20.1","libp2p-swarm-0.21.0","libp2p-swarm-0.22.0","libp2p-swarm-0.23.0","libp2p-swarm-0.24.0","libp2p-swarm-0.25.0","libp2p-swarm-0.25.1","libp2p-swarm-0.26.0","libp2p-swarm-0.27.0","libp2p-swarm-0.27.1","libp2p-swarm-0.27.2","libp2p-swarm-0.28.0","libp2p-swarm-0.29.0","libp2p-swarm-0.30.0","libp2p-swarm-0.31.0-rc.1","libp2p-swarm-0.31.0-rc.2","libp2p-swarm-0.32.0","libp2p-swarm-0.33.0","libp2p-swarm-0.34.0","libp2p-swarm-0.35.0","libp2p-swarm-0.36.0","libp2p-swarm-derive-0.22.0","libp2p-swarm-derive-0.23.0","libp2p-swarm-derive-0.24.0","libp2p-swarm-derive-0.25.0-rc.1","libp2p-swarm-derive-0.26.0","libp2p-swarm-derive-0.26.1","libp2p-swarm-derive-0.27.0","libp2p-swarm-derive-0.27.1","libp2p-swarm-derive-0.27.2","libp2p-tcp-0.19.2","libp2p-tcp-0.20.0","libp2p-tcp-0.21.0","libp2p-tcp-0.22.0","libp2p-tcp-0.23.0","libp2p-tcp-0.24.0","libp2p-tcp-0.25.0","libp2p-tcp-0.25.1","libp2p-tcp-0.26.0","libp2p-tcp-0.27.0","libp2p-tcp-0.27.1","libp2p-tcp-0.28.0","libp2p-tcp-0.29.0","libp2p-tcp-0.30.0-rc.1","libp2p-tcp-0.31.0","libp2p-tcp-0.31.1","libp2p-tcp-0.32.0","libp2p-tcp-0.33.0","libp2p-uds-0.19.2","libp2p-uds-0.20.0","libp2p-uds-0.21.0","libp2p-uds-0.22.0","libp2p-uds-0.23.0","libp2p-uds-0.24.0","libp2p-uds-0.25.0","libp2p-uds-0.26.0","libp2p-uds-0.27.0","libp2p-uds-0.28.0","libp2p-uds-0.29.0","libp2p-uds-0.30.0-rc.1","libp2p-uds-0.31.0","libp2p-uds-0.32.0","libp2p-wasm-ext-0.20.0","libp2p-wasm-ext-0.20.1","libp2p-wasm-ext-0.21.0","libp2p-wasm-ext-0.22.0","libp2p-wasm-ext-0.23.0","libp2p-wasm-ext-0.24.0","libp2p-wasm-ext-0.25.0","libp2p-wasm-ext-0.26.0","libp2p-wasm-ext-0.27.0","libp2p-wasm-ext-0.28.0","libp2p-wasm-ext-0.28.1","libp2p-wasm-ext-0.28.2","libp2p-wasm-ext-0.29.0","libp2p-wasm-ext-0.30.0-rc.1","libp2p-wasm-ext-0.31.0","libp2p-wasm-ext-0.32.0","libp2p-wasm-ext-0.33.0","libp2p-websocket-0.20.0","libp2p-websocket-0.20.1","libp2p-websocket-0.21.0","libp2p-websocket-0.21.1","libp2p-websocket-0.22.0","libp2p-websocket-0.23.0","libp2p-websocket-0.24.0","libp2p-websocket-0.25.0","libp2p-websocket-0.26.0","libp2p-websocket-0.26.1","libp2p-websocket-0.26.2","libp2p-websocket-0.26.3","libp2p-websocket-0.27.0","libp2p-websocket-0.28.0","libp2p-websocket-0.29.0","libp2p-websocket-0.30.0","libp2p-websocket-0.31.0-rc.1","libp2p-websocket-0.32.0","libp2p-websocket-0.33.0","libp2p-websocket-0.34.0","libp2p-websocket-0.35.0","libp2p-yamux-0.19.1","libp2p-yamux-0.20.0","libp2p-yamux-0.21.0","libp2p-yamux-0.22.0","libp2p-yamux-0.23.0","libp2p-yamux-0.24.0","libp2p-yamux-0.25.0","libp2p-yamux-0.26.0","libp2p-yamux-0.27.0","libp2p-yamux-0.28.0","libp2p-yamux-0.29.0","libp2p-yamux-0.30.0","libp2p-yamux-0.30.1","libp2p-yamux-0.31.0","libp2p-yamux-0.32.0","libp2p-yamux-0.33.0","libp2p-yamux-0.34.0-rc.1","libp2p-yamux-0.35.0","libp2p-yamux-0.36.0","libp2p-yamux-0.37.0","multistream-select-0.10.0","multistream-select-0.10.1","multistream-select-0.10.2","multistream-select-0.10.4","multistream-select-0.11.0","multistream-select-0.8.2","multistream-select-0.8.3","multistream-select-0.8.4","multistream-select-0.8.5","multistream-select-0.9.0","multistream-select-0.9.1","parity-multiaddr-0.10.0","parity-multiaddr-0.11.0","parity-multiaddr-0.11.1","parity-multiaddr-0.11.2","parity-multiaddr-0.9.1","parity-multiaddr-0.9.2","parity-multiaddr-0.9.3","parity-multiaddr-0.9.4","parity-multiaddr-0.9.5","parity-multiaddr-0.9.6","prost-codec-0.1.0","rw-stream-sink-0.3.0","v0.1.0","v0.10.0","v0.11.0","v0.12.0","v0.13.0","v0.13.1","v0.13.2","v0.14.0-alpha.1","v0.15.0","v0.16.0","v0.16.1","v0.16.2","v0.17.0","v0.18.0","v0.18.1","v0.19.0","v0.19.1","v0.2.0","v0.2.1","v0.2.2","v0.20.0","v0.20.1","v0.21.0","v0.21.1","v0.22.0","v0.23.0","v0.24.0","v0.25.0","v0.26.0","v0.27.0","v0.28.0","v0.28.1","v0.29.0","v0.29.1","v0.3.0","v0.3.1","v0.30.0","v0.30.1","v0.31.0","v0.31.1","v0.31.2","v0.32.0","v0.32.1","v0.32.2","v0.33.0","v0.34.0","v0.35","v0.35.1","v0.36.0","v0.37.0","v0.37.1","v0.38.0","v0.39.0","v0.39.1","v0.4.0","v0.4.2","v0.40.0-rc.1","v0.40.0-rc.2","v0.40.0-rc.3","v0.41.0","v0.42.0","v0.42.1","v0.43.0","v0.44.0","v0.45.0","v0.5.0","v0.6.0","v0.7.0","v0.8.0","v0.9.0","v0.9.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-23486.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}