A remote, unauthenticated denial of service crashes Nimiq blockchain nodes by exploiting a protocol state machine flaw. Attackers can force panic conditions in the libp2p discovery handler by opening duplicate protocol substreams, which immediately takes peer-to-peer networking offline until a manual restart. A vendor-released patch is available in version 1.3.0; there are no workarounds for unpatched systems, so blockchain node operators need to upgrade urgently.
Denial of service in nimiq-libp2p prior to version 1.3.0 allows remote peers to exhaust node resources by sending partial frames on inbound substreams and keeping them open. The vulnerability combines unbounded stream reading via `read_to_end()` with a high concurrent stream limit of 1000, enabling attackers to accumulate stalled slots and degrade network availability without authentication or user interaction.