5.3
CVE-2026-34062
- EPSS 0.3%
- Veröffentlicht 22.04.2026 19:23:36
- Zuletzt bearbeitet 24.04.2026 17:11:49
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginNimiq has Allocation of Resources Without Limits or Throttling in its libp2p request/response
nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `MessageCodec::read_request` and `read_response` call `read_to_end()` on inbound substreams, so a remote peer can send only a partial frame and keep the substream open. because `Behaviour::new` also sets `with_max_concurrent_streams(1000)`, the node exposes a much larger stalled-slot budget than the library default. The patch for this vulnerability is formally released as part of v1.3.0. No known workarounds are available.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Nimiq ≫ Nimiq Proof-of-stake SwPlatformrust Version < 1.3.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.3% | 0.212 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security-advisories@github.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
|
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.
https://github.com/nimiq/core-rs-albatross/releases/tag/v1.3.0
https://github.com/nimiq/core-rs-albatross/security/advisories/GHSA-gh7r-qh4p-q4fr
https://github.com/nimiq/core-rs-albatross/commit/c021a5337b808c73571b44999f9753051bac7508