GMS-2023-1408: github.com/ipfs/go-bitswap vulnerable to DOS unbounded persistent memory leak

May 11, 2023 (updated June 16, 2023)

This package has been moved to https://pkg.go.dev/github.com/ipfs/boxo/bitswap, this vulnerability is tracked there: https://github.com/ipfs/boxo/security/advisories/GHSA-m974-xj4j-7qv5 (CVE-2023-25568)

References

github.com/advisories/GHSA-q3j6-22wf-3jh9
github.com/ipfs/boxo/security/advisories/GHSA-m974-xj4j-7qv5
github.com/ipfs/go-bitswap/security/advisories/GHSA-q3j6-22wf-3jh9
github.com/ipfs/go-libipfs/security/advisories/GHSA-m974-xj4j-7qv5
nvd.nist.gov/vuln/detail/CVE-2023-25568

Detect and mitigate GMS-2023-1408 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →