#c++

### Impact Versions older than `v0.38.0` of js-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory, ultimately leading to the process getting killed by the host’s operating system. While a connection manager tasked with keeping the number of connections within manageable limits has been part of js-libp2p, this component was designed to handle the regular churn of peers, not a targeted resource exhaustion attack. ### Patches (What to do as a js-libp2p consumer:) Update your js-libp2p dependency to `v0.38.0` or greater. ### Workarounds There are no workarounds, and so we recommend to upgrade your js-libp2p version. Some range of attacks can be mitigated using OS tools (like manually blocking malicious peers using iptables or ufw ) or making use of a load balancer in front of libp2p nodes. You can also use the [allow deny list in js-li...

### Impact `v0.18.0` and older versions of go-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory, ultimately leading to the process getting killed by the host’s operating system. While a connection manager tasked with keeping the number of connections within manageable limits has been part of go-libp2p, this component was designed to handle the regular churn of peers, not a targeted resource exhaustion attack. In the original version of the attack, the malicious node would continue opening new streams on a stream multiplexer that doesn’t provide sufficient back pressure (yamux or mplex). It is easy to defend against this one attack, but there are countless variations of this attack: * Opening streams and causing a non-trivial memory allocation (e.g., for multistream or protobuf parsing) * Creating a lot of sybil nodes and opening ne...

js-libp2p is the official javascript Implementation of libp2p networking stack. Versions older than `v0.38.0` of js-libp2p are vulnerable to targeted resource exhaustion attacks. These attacks target libp2p’s connection, stream, peer, and memory management. An attacker can cause the allocation of large amounts of memory, ultimately leading to the process getting killed by the host’s operating system. While a connection manager tasked with keeping the number of connections within manageable limits has been part of js-libp2p, this component was designed to handle the regular churn of peers, not a targeted resource exhaustion attack. Users are advised to update their js-libp2p dependency to `v0.38.0` or greater. There are no known workarounds for this vulnerability.

### Impact An attacker node can cause a victim node to allocate a large number of small memory chunks, which can ultimately lead to the victim’s process running out of memory and thus getting killed by its operating system. When executed continuously, this can lead to a denial of service attack, especially relevant on a larger scale when run against more than one node of a libp2p based network. ### Details In the original version of the attack, the malicious node would continuously open new streams on a single connection using a stream multiplexer that doesn’t provide sufficient back pressure (mplex or yamux). While allocations per stream might be considered small, they multiply with the number of streams and connections. It is easy to defend against this one attack, e.g. by setting a strict per connection stream limit and connection limit. But there are other variations of this attack, e.g. causing memory allocations by sending partial payloads on various protocol levels, forcing t...

An update for protobuf is now available for Red Hat OpenStack Platform 16.2.4 (Train). Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-22570: protobuf: Incorrect parsing of nullchar in the proto symbol leads to Nullptr dereference

Software firms and the National Security Agency urge developers to move to memory-safe programming languages to eliminate a major source of high-severity flaws.

### Summary Unsafe extracting using `shutil.unpack_archive()` from a remotely retrieved tarball may lead to writing the extracted file to an unintended destination. ### Details Extracting files using `shutil.unpack_archive()` from a potentially malicious tarball without validating that the destination file path is within the intended destination directory can cause files outside the destination directory to be overwritten. The vulnerable code snippet is between [L153..158](https://github.com/DataDog/guarddog/blob/a1d064ceb09d39bb28deb6972bc0a278756ea91f/guarddog/scanners/package_scanner.py#L153..158). ```python response = requests.get(url, stream=True) with open(zippath, "wb") as f: f.write(response.raw.read()) shutil.unpack_archive(zippath, unzippedpath) ``` It seems that a remotely retrieved tarball which could be with the extension `.tar.gz` happens to be unpacked using `shutil.unpack_archive()` with no destination verification/limitation of the extracted files. ###...

The Cap'n Proto library and capnp Rust package are vulnerable to out-of-bounds read due to logic error handling list-of-list. If a message consumer expects data of type "list of pointers", and if the consumer performs certain specific actions on such data, then a message producer can cause the consumer to read out-of-bounds memory. This could trigger a process crash in the consumer, or in some cases could allow exfiltration of private in-memory data. Impact ====== - Remotely segfault a peer by sending it a malicious message, if the victim performs certain actions on a list-of-pointer type. - Possible exfiltration of memory, if the victim performs additional certain actions on a list-of-pointer type. - To be vulnerable, an application must perform a specific sequence of actions, described below. At present, **we are not aware of any vulnerable application**, but we advise updating regardless. Fixed in ======== Unfortunately, the bug is present in inlined code, therefore the fix will...

Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet.

Mikrotik RouterOs before stable v7.6 was discovered to contain an out-of-bounds read in the snmp process. This vulnerability allows attackers to execute arbitrary code via a crafted packet.