CVE-2020-10937

Опубликовано: 02 нояб. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in IPFS (aka go-ipfs) 0.4.23. An attacker can generate ephemeral identities (Sybils) and leverage the IPFS connection management reputation system to poison other nodes' routing tables, eclipsing the nodes that are the target of the attack from the rest of the network. Later versions, in particular go-ipfs 0.7, mitigate this.

Ссылки

https://blog.ipfs.io/2020-10-30-dht-hardening/
Vendor Advisory
https://graz.pure.elsevier.com/en/publications/total-eclipse-of-the-heart-disrupting-the-interplanetary-file-sys
Third Party Advisory
https://blog.ipfs.io/2020-10-30-dht-hardening/
Vendor Advisory
https://graz.pure.elsevier.com/en/publications/total-eclipse-of-the-heart-disrupting-the-interplanetary-file-sys
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:protocol:ipfs:0.4.23:*:*:*:*:*:*:*

EPSS

Процентиль: 67%

0.00536

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2020-10937

CVSS3: 7.5

debian

больше 5 лет назад

An issue was discovered in IPFS (aka go-ipfs) 0.4.23. An attacker can ...

GHSA-r23h-3jmw-q7hr

CVSS3: 7.5

github

почти 2 года назад

Access Restriction Bypass in go-ipfs

EPSS

Процентиль: 67%

0.00536

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo