An issue was discovered in IPFS (aka go-ipfs) 0.4.23. An attacker can generate ephemeral identities (Sybils) and leverage the IPFS connection management reputation system to poison other nodes' routing tables, eclipsing the nodes that are the target of the attack from the rest of the network. Later versions, in particular go-ipfs 0.7, mitigate this.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-11-02T16:53:10
Updated: 2024-08-04T11:21:13.654Z
Reserved: 2020-03-24T00:00:00
Link: CVE-2020-10937
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-11-02T21:15:21.100
Modified: 2024-11-21T04:56:24.607
Link: CVE-2020-10937
Redhat
No data.