CVE-2026-35457: CWE-770: Allocation of Resources Without Limits or Throttling in libp2p rust-libp2p
CVE-2026-35457 is a high-severity vulnerability in the rust-libp2p library prior to version 0. 17. 1. The issue involves the rendezvous server storing pagination cookies without any bounds, allowing an unauthenticated peer to repeatedly send DISCOVER requests and cause unbounded memory growth. This can lead to a denial-of-service condition due to resource exhaustion. The vulnerability is fixed in rust-libp2p version 0. 17. 1.
AI Analysis
Technical Summary
The rust-libp2p networking stack's rendezvous server component improperly manages pagination cookies by storing them without limits. This lack of throttling or resource allocation control (CWE-770) enables an unauthenticated attacker to issue repeated DISCOVER requests, forcing the server to consume increasing amounts of memory. The vulnerability is addressed in version 0.17.1 of rust-libp2p.
Potential Impact
An unauthenticated attacker can cause unbounded memory growth on the rendezvous server by sending repeated DISCOVER requests, potentially leading to denial of service due to resource exhaustion. There is no direct confidentiality impact, but integrity is impacted due to potential service disruption.
Mitigation Recommendations
Upgrade rust-libp2p to version 0.17.1 or later, where this vulnerability is fixed. Since the vendor advisory or patch links are not explicitly provided, confirm the upgrade from official rust-libp2p sources. Patch status is not explicitly stated beyond the fix in 0.17.1, so verify the vendor advisory for the latest remediation guidance.
CVE-2026-35457: CWE-770: Allocation of Resources Without Limits or Throttling in libp2p rust-libp2p
Description
CVE-2026-35457 is a high-severity vulnerability in the rust-libp2p library prior to version 0. 17. 1. The issue involves the rendezvous server storing pagination cookies without any bounds, allowing an unauthenticated peer to repeatedly send DISCOVER requests and cause unbounded memory growth. This can lead to a denial-of-service condition due to resource exhaustion. The vulnerability is fixed in rust-libp2p version 0. 17. 1.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The rust-libp2p networking stack's rendezvous server component improperly manages pagination cookies by storing them without limits. This lack of throttling or resource allocation control (CWE-770) enables an unauthenticated attacker to issue repeated DISCOVER requests, forcing the server to consume increasing amounts of memory. The vulnerability is addressed in version 0.17.1 of rust-libp2p.
Potential Impact
An unauthenticated attacker can cause unbounded memory growth on the rendezvous server by sending repeated DISCOVER requests, potentially leading to denial of service due to resource exhaustion. There is no direct confidentiality impact, but integrity is impacted due to potential service disruption.
Mitigation Recommendations
Upgrade rust-libp2p to version 0.17.1 or later, where this vulnerability is fixed. Since the vendor advisory or patch links are not explicitly provided, confirm the upgrade from official rust-libp2p sources. Patch status is not explicitly stated beyond the fix in 0.17.1, so verify the vendor advisory for the latest remediation guidance.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- GitHub_M
- Date Reserved
- 2026-04-02T19:25:52.193Z
- Cvss Version
- 3.1
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d51c3baaed68159a2c14f2
Added to database: 4/7/2026, 3:01:15 PM
Last enriched: 4/14/2026, 3:55:24 PM
Last updated: 5/22/2026, 12:27:56 PM
Views: 52
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.