Vulnerability Description
Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a Sybil attack.
CVSS Score
9.8
CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Protocol | Gossipsub | 1.0 |
References
- https://bitcoin.stackexchange.com/questions/61151/eclipse-attack-vs-sybil-attack (Third Party Advisory)
- https://gateway.ipfs.io/ipfs/QmPWuNBs8h6a8KamRvGqhTq5UDYJRQsEEy37zDKjujQQQm/GossExploit (Vendor Advisory)
- https://github.com/ipfs/blog/pull/450 (Patch, Third Party Advisory)
- https://github.com/libp2p/specs/blob/master/pubsub/gossipsub/gossipsub-v1.1.md (Third Party Advisory)
- https://github.com/libp2p/specs/tree/master/pubsub/gossipsub (Third Party Advisory)
FAQ
What is CVE-2020-12821?
CVE-2020-12821 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a Sybil attack.
How severe is CVE-2020-12821?
CVE-2020-12821 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-12821?
Check the references section above for vendor advisories and patch information. Affected products include: Protocol Gossipsub.