Yamux Memory Exhaustion Vulnerability via Active::pending_frames property
Attack scenario The Rust implementation of the Yamux stream multiplexer uses a vector for pending frames. This vector is not bounded in length. Every time the Yamux protocol requires sending of a new frame, this frame gets appended to this vector. This can be remotely triggered in a number of ways, for example by: Opening a new libp2p Identify stream. This causes the node to send its Identify message. Of …