Description

The Kademlia DHT (go-libp2p-kad-dht 0.20.0 and earlier) used in IPFS (0.18.1 and earlier) assigns routing information for content (i.e., information about who holds the content) to be stored by peers whose peer IDs have a small DHT distance from the content ID. This allows an attacker to censor content by generating many Sybil peers whose peer IDs have a small distance from the content ID, thus hijacking the content resolution process.

INFO

Published Date :

2024-10-25T00:00:00.000Z

Last Modified :

2024-10-25T19:56:54.665Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2023-26248 vulnerability.

Vendors Products
Kademila
  • Dht
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2023-26248.

URL Resource
https://arxiv.org/abs/2307.12212 cve-icon cve-icon
https://github.com/libp2p/go-libp2p-kad-dht cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact