Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS04NHgyLTJxdjYtcWc1Ns4AA5Ch

Nervos CKB P2P DoS Attacks

The P2P protocols lack of rate limit. For example, in relay protocol, when a node receives a broadcasted tx_hashes, it will mark it in memory to avoid duplicated requests. code → .

It is easy to establish a DoS attach by generating random tx hashes.

Impact

It affects all nodes connected to the P2P network.

Workarounds

Apply rate limit on the data sent to CKB P2P port.

Permalink: https://github.com/advisories/GHSA-84x2-2qv6-qg56
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04NHgyLTJxdjYtcWc1Ns4AA5Ch
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: 28 days ago
Updated: 28 days ago


Identifiers: GHSA-84x2-2qv6-qg56
References:

Affected Packages

cargo:ckb
Versions: < 0.34.0
Fixed in: 0.34.0