Affected versions of
libp2p-secio does not correctly verify that the
DstPeer matches the
PeerId discovered in the crypto handshake, resulting in a high severity identity spoofing vulnerability.
Update to version 0.9.0 or later.
Have content suggestions? Send them to [email protected]
publishedAdvisory publishedJan 15th, 2018
reportedInitial report by Maciej KrügerJan 15th, 2018