GSA_kwCzR0hTQS14OGM2LWdqNTktNnJ4OM4ABKGP

Moderate EPSS: 0.00041% (0.11471 Percentile) EPSS:

Permalink JSON

py-libp2p is vulnerable to DoS attacks through use of large RSA keys

Affected Packages	Affected Versions	Fixed Versions
pypi:libp2p	< 0.2.3	0.2.3
0 Dependent packages 1 Dependent repositories 653 Downloads last month Affected Version Ranges All affected versions 0.1.1, 0.1.2, 0.1.3, 0.1.4, 0.1.5, 0.2.0, 0.2.1, 0.2.2 All unaffected versions 0.2.3, 0.2.4, 0.2.5, 0.2.6, 0.2.7, 0.2.8, 0.2.9

py-libp2p before 0.2.3 allows a peer to cause a denial of service (resource consumption) via a large RSA key.

References:

https://nvd.nist.gov/vuln/detail/CVE-2025-29606
https://github.com/libp2p/py-libp2p/issues/526
https://github.com/libp2p/py-libp2p/pull/531/files
https://github.com/libp2p/py-libp2p/compare/v0.2.2...v0.2.3
https://github.com/libp2p/py-libp2p/commit/e150d3153af30530ce61d751bc166e099f1ead7a
https://github.com/advisories/GHSA-x8c6-gj59-6rx8

Identifiers

GHSA-x8c6-gj59-6rx8

CVE-2025-29606

Risk

Severity

Moderate

EPSS

EPSS Percentage: 0.00041

EPSS Percentile: 0.11471

Classification

General

Source

GitHub Advisory Database

Origin

Unspecified

Repository

https://github.com/libp2p/py-libp2p

Date and time

Published

15 days ago

Updated

15 days ago

API

JSON

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Advisories