CVE-2023-26248

{"id": "CVE-2023-26248", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-10-25T16:15:09.500", "references": [{"url": "https://arxiv.org/abs/2307.12212", "source": "cve@mitre.org"}, {"url": "https://github.com/libp2p/go-libp2p-kad-dht", "source": "cve@mitre.org"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-352"}]}], "descriptions": [{"lang": "en", "value": "The Kademlia DHT (go-libp2p-kad-dht 0.20.0 and earlier) used in IPFS (0.18.1 and earlier) assigns routing information for content (i.e., information about who holds the content) to be stored by peers whose peer IDs have a small DHT distance from the content ID. This allows an attacker to censor content by generating many Sybil peers whose peer IDs have a small distance from the content ID, thus hijacking the content resolution process."}, {"lang": "es", "value": "El DHT de Kademlia (go-libp2p-kad-dht 0.20.0 y versiones anteriores) utilizado en IPFS (0.18.1 y versiones anteriores) asigna informaci\u00f3n de enrutamiento para el contenido (es decir, informaci\u00f3n sobre qui\u00e9n posee el contenido) que se almacenar\u00e1 por pares cuyos identificadores de pares tienen una peque\u00f1a distancia DHT del identificador de contenido. Esto permite que un atacante censure el contenido generando muchos pares Sybil cuyos identificadores de pares tienen una peque\u00f1a distancia del identificador de contenido, secuestrando as\u00ed el proceso de resoluci\u00f3n de contenido."}], "lastModified": "2024-10-28T13:58:09.230", "sourceIdentifier": "cve@mitre.org"}