CVE-2020-12821 Information

Description

Gossipsub 1.0 does not properly resist invalid message spam such as an eclipse attack or a sybil attack.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

https://bitcoin.stackexchange.com/questions/61151/eclipse-attack-vs-sybil-attack https://gateway.ipfs.io/ipfs/QmPWuNBs8h6a8KamRvGqhTq5UDYJRQsEEy37zDKjujQQQm/Gossipsub20Evaluation20Report.pdf https://github.com/ipfs/blog/pull/450 https://github.com/libp2p/specs/blob/master/pubsub/gossipsub/gossipsub-v1.1.md https://github.com/libp2p/specs/tree/master/pubsub/gossipsub

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8