CVE-2020-10937
First published: Mon Nov 02 2020(Updated: )
An issue was discovered in IPFS (aka go-ipfs) 0.4.23. An attacker can generate ephemeral identities (Sybils) and leverage the IPFS connection management reputation system to poison other nodes' routing tables, eclipsing the nodes that are the target of the attack from the rest of the network. Later versions, in particular go-ipfs 0.7, mitigate this.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Protocol Ipfs | =0.4.23 | |
| go/github.com/ipfs/go-ipfs | <0.7.0 | 0.7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-10937?
CVE-2020-10937 is classified as a medium severity vulnerability.
How do I fix CVE-2020-10937?
To mitigate CVE-2020-10937, update IPFS to version 0.7.0 or later.
What systems are affected by CVE-2020-10937?
CVE-2020-10937 affects IPFS version 0.4.23.
What type of attack does CVE-2020-10937 enable?
CVE-2020-10937 allows attackers to perform routing table poisoning and eclipse attacks on IPFS nodes.
What is the primary impact of CVE-2020-10937?
The primary impact of CVE-2020-10937 is the disruption of node communication within the IPFS network.
- collector/nvd-index
- agent/type
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-r23h-3jmw-q7hr
- alias/CVE-2020-10937
- agent/software-canonical-lookup
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/description
- collector/nvd-cve
- source/NVD
- agent/softwarecombine
- collector/github-advisory
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/trending
- agent/tags
- agent/source
- vendor/protocol
- canonical/protocol ipfs
- version/protocol ipfs/0.4.23
- package-manager/go