Search criteria
6 vulnerabilities found for gossipsub by protocol
FKIE_CVE-2022-47547
Vulnerability from fkie_nvd - Published: 2022-12-19 09:15 - Updated: 2025-04-17 14:15
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a positive score (and thus not be pruned from the network) even though it continuously misbehaves by never forwarding topic messages.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://arxiv.org/pdf/2212.05197.pdf | Exploit, Technical Description, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://arxiv.org/pdf/2212.05197.pdf | Exploit, Technical Description, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:protocol:gossipsub:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF1A29BD-36CF-4052-991A-CD2E7903F351",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a positive score (and thus not be pruned from the network) even though it continuously misbehaves by never forwarding topic messages."
},
{
"lang": "es",
"value": "GossipSub 1.1, tal como se usa para Ethereum 2.0, permite que un par mantenga una puntuaci\u00f3n positiva (y por lo tanto no sea eliminado de la red) incluso si se porta mal continuamente al no reenviar nunca mensajes tem\u00e1ticos."
}
],
"id": "CVE-2022-47547",
"lastModified": "2025-04-17T14:15:24.400",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2022-12-19T09:15:09.577",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://arxiv.org/pdf/2212.05197.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://arxiv.org/pdf/2212.05197.pdf"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-281"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-281"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2020-12821
Vulnerability from fkie_nvd - Published: 2020-07-07 20:15 - Updated: 2024-11-21 05:00
Severity ?
Summary
Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:protocol:gossipsub:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F9117059-A555-4F2A-9D6B-36A5DCC04A5C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack."
},
{
"lang": "es",
"value": "Gossipsub versi\u00f3n 1.0, no resiste apropiadamente el correo no deseado de mensajes no v\u00e1lidos, tal y como un ataque tipo eclipse o un ataque tipo sybil"
}
],
"id": "CVE-2020-12821",
"lastModified": "2024-11-21T05:00:20.317",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-07-07T20:15:10.027",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://bitcoin.stackexchange.com/questions/61151/eclipse-attack-vs-sybil-attack"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://gateway.ipfs.io/ipfs/QmPWuNBs8h6a8KamRvGqhTq5UDYJRQsEEy37zDKjujQQQm/Gossipsub%20Evaluation%20Report.pdf"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/ipfs/blog/pull/450"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/libp2p/specs/blob/master/pubsub/gossipsub/gossipsub-v1.1.md"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/libp2p/specs/tree/master/pubsub/gossipsub"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://bitcoin.stackexchange.com/questions/61151/eclipse-attack-vs-sybil-attack"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://gateway.ipfs.io/ipfs/QmPWuNBs8h6a8KamRvGqhTq5UDYJRQsEEy37zDKjujQQQm/Gossipsub%20Evaluation%20Report.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/ipfs/blog/pull/450"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/libp2p/specs/blob/master/pubsub/gossipsub/gossipsub-v1.1.md"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/libp2p/specs/tree/master/pubsub/gossipsub"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2022-47547 (GCVE-0-2022-47547)
Vulnerability from cvelistv5 – Published: 2022-12-19 00:00 – Updated: 2025-04-17 14:05
VLAI?
Summary
GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a positive score (and thus not be pruned from the network) even though it continuously misbehaves by never forwarding topic messages.
Severity ?
5.3 (Medium)
CWE
- n/a
Assigner
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:55:08.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://arxiv.org/pdf/2212.05197.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-47547",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T14:04:52.896652Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-281",
"description": "CWE-281 Improper Preservation of Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T14:05:53.729Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a positive score (and thus not be pruned from the network) even though it continuously misbehaves by never forwarding topic messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-19T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://arxiv.org/pdf/2212.05197.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-47547",
"datePublished": "2022-12-19T00:00:00.000Z",
"dateReserved": "2022-12-19T00:00:00.000Z",
"dateUpdated": "2025-04-17T14:05:53.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12821 (GCVE-0-2020-12821)
Vulnerability from cvelistv5 – Published: 2020-07-07 19:18 – Updated: 2024-08-04 12:04
VLAI?
Summary
Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:04:22.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libp2p/specs/tree/master/pubsub/gossipsub"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libp2p/specs/blob/master/pubsub/gossipsub/gossipsub-v1.1.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bitcoin.stackexchange.com/questions/61151/eclipse-attack-vs-sybil-attack"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ipfs/blog/pull/450"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gateway.ipfs.io/ipfs/QmPWuNBs8h6a8KamRvGqhTq5UDYJRQsEEy37zDKjujQQQm/Gossipsub%20Evaluation%20Report.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-07T19:18:43",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libp2p/specs/tree/master/pubsub/gossipsub"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libp2p/specs/blob/master/pubsub/gossipsub/gossipsub-v1.1.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bitcoin.stackexchange.com/questions/61151/eclipse-attack-vs-sybil-attack"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ipfs/blog/pull/450"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gateway.ipfs.io/ipfs/QmPWuNBs8h6a8KamRvGqhTq5UDYJRQsEEy37zDKjujQQQm/Gossipsub%20Evaluation%20Report.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/libp2p/specs/tree/master/pubsub/gossipsub",
"refsource": "MISC",
"url": "https://github.com/libp2p/specs/tree/master/pubsub/gossipsub"
},
{
"name": "https://github.com/libp2p/specs/blob/master/pubsub/gossipsub/gossipsub-v1.1.md",
"refsource": "MISC",
"url": "https://github.com/libp2p/specs/blob/master/pubsub/gossipsub/gossipsub-v1.1.md"
},
{
"name": "https://bitcoin.stackexchange.com/questions/61151/eclipse-attack-vs-sybil-attack",
"refsource": "MISC",
"url": "https://bitcoin.stackexchange.com/questions/61151/eclipse-attack-vs-sybil-attack"
},
{
"name": "https://github.com/ipfs/blog/pull/450",
"refsource": "CONFIRM",
"url": "https://github.com/ipfs/blog/pull/450"
},
{
"name": "https://gateway.ipfs.io/ipfs/QmPWuNBs8h6a8KamRvGqhTq5UDYJRQsEEy37zDKjujQQQm/Gossipsub%20Evaluation%20Report.pdf",
"refsource": "CONFIRM",
"url": "https://gateway.ipfs.io/ipfs/QmPWuNBs8h6a8KamRvGqhTq5UDYJRQsEEy37zDKjujQQQm/Gossipsub%20Evaluation%20Report.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12821",
"datePublished": "2020-07-07T19:18:43",
"dateReserved": "2020-05-12T00:00:00",
"dateUpdated": "2024-08-04T12:04:22.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-47547 (GCVE-0-2022-47547)
Vulnerability from nvd – Published: 2022-12-19 00:00 – Updated: 2025-04-17 14:05
VLAI?
Summary
GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a positive score (and thus not be pruned from the network) even though it continuously misbehaves by never forwarding topic messages.
Severity ?
5.3 (Medium)
CWE
- n/a
Assigner
References
| URL | Tags | |
|---|---|---|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:55:08.307Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://arxiv.org/pdf/2212.05197.pdf"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-47547",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T14:04:52.896652Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-281",
"description": "CWE-281 Improper Preservation of Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T14:05:53.729Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "GossipSub 1.1, as used for Ethereum 2.0, allows a peer to maintain a positive score (and thus not be pruned from the network) even though it continuously misbehaves by never forwarding topic messages."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-19T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://arxiv.org/pdf/2212.05197.pdf"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-47547",
"datePublished": "2022-12-19T00:00:00.000Z",
"dateReserved": "2022-12-19T00:00:00.000Z",
"dateUpdated": "2025-04-17T14:05:53.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-12821 (GCVE-0-2020-12821)
Vulnerability from nvd – Published: 2020-07-07 19:18 – Updated: 2024-08-04 12:04
VLAI?
Summary
Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:04:22.908Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libp2p/specs/tree/master/pubsub/gossipsub"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/libp2p/specs/blob/master/pubsub/gossipsub/gossipsub-v1.1.md"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bitcoin.stackexchange.com/questions/61151/eclipse-attack-vs-sybil-attack"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/ipfs/blog/pull/450"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gateway.ipfs.io/ipfs/QmPWuNBs8h6a8KamRvGqhTq5UDYJRQsEEy37zDKjujQQQm/Gossipsub%20Evaluation%20Report.pdf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-07T19:18:43",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libp2p/specs/tree/master/pubsub/gossipsub"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/libp2p/specs/blob/master/pubsub/gossipsub/gossipsub-v1.1.md"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bitcoin.stackexchange.com/questions/61151/eclipse-attack-vs-sybil-attack"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/ipfs/blog/pull/450"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gateway.ipfs.io/ipfs/QmPWuNBs8h6a8KamRvGqhTq5UDYJRQsEEy37zDKjujQQQm/Gossipsub%20Evaluation%20Report.pdf"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-12821",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/libp2p/specs/tree/master/pubsub/gossipsub",
"refsource": "MISC",
"url": "https://github.com/libp2p/specs/tree/master/pubsub/gossipsub"
},
{
"name": "https://github.com/libp2p/specs/blob/master/pubsub/gossipsub/gossipsub-v1.1.md",
"refsource": "MISC",
"url": "https://github.com/libp2p/specs/blob/master/pubsub/gossipsub/gossipsub-v1.1.md"
},
{
"name": "https://bitcoin.stackexchange.com/questions/61151/eclipse-attack-vs-sybil-attack",
"refsource": "MISC",
"url": "https://bitcoin.stackexchange.com/questions/61151/eclipse-attack-vs-sybil-attack"
},
{
"name": "https://github.com/ipfs/blog/pull/450",
"refsource": "CONFIRM",
"url": "https://github.com/ipfs/blog/pull/450"
},
{
"name": "https://gateway.ipfs.io/ipfs/QmPWuNBs8h6a8KamRvGqhTq5UDYJRQsEEy37zDKjujQQQm/Gossipsub%20Evaluation%20Report.pdf",
"refsource": "CONFIRM",
"url": "https://gateway.ipfs.io/ipfs/QmPWuNBs8h6a8KamRvGqhTq5UDYJRQsEEy37zDKjujQQQm/Gossipsub%20Evaluation%20Report.pdf"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-12821",
"datePublished": "2020-07-07T19:18:43",
"dateReserved": "2020-05-12T00:00:00",
"dateUpdated": "2024-08-04T12:04:22.908Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}