CVE-2026-35405

HIGH SEVERITY

CVSS Score & Metrics

Base Score

7.5 / 10

Vector String

                                        CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H                                    

Vulnerability Description

libp2p-rust is the official rust language Implementation of the libp2p networking stack. Prior to 0.17.1, libp2p-rendezvous server has no limit on how many namespaces a single peer can register. A malicious peer can just keep registering unique namespaces in a loop and the server happily accepts every single one allocating memory for each registration with no pushback. Keep doing this long enough (or with multiple sybil peers) and the server process gets OOM killed. This vulnerability is fixed in 0.17.1.

Vulnerability Details

Published Date

April 04, 2026

Last Modified

April 09, 2026

CWE ID

CWE-770

Source

GitHub

Vendor

rust

Product

libp2p-rendezvous

External References

https://github.com/libp2p/rust-libp2p/security/advisories/GHSA-cqfx-gf56-8x59
https://github.com/advisories/GHSA-cqfx-gf56-8x59

CVE-2026-35405

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment