Vulnerability Details: CVE-2020-10937
An issue was discovered in IPFS (aka go-ipfs) 0.4.23. An attacker can generate ephemeral identities (Sybils) and leverage the IPFS connection management reputation system to poison other nodes' routing tables, eclipsing the nodes that are the target of the attack from the rest of the network. Later versions, in particular go-ipfs 0.7, mitigate this.
Products affected by CVE-2020-10937
- cpe:2.3:a:protocol:ipfs:0.4.23:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-10937
- 0.54%: Probability of exploitation activity in the next 30 days
- ~67%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-10937
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 3.9 | 3.6 | NIST | |
References for CVE-2020-10937
- https://graz.pure.elsevier.com/en/publications/total-eclipse-of-the-heart-disrupting-the-interplanetary-file-sys
  Total Eclipse of the Heart – Disrupting the InterPlanetary File System — Graz University of Technology (Third Party Advisory)
- https://blog.ipfs.io/2020-10-30-dht-hardening/
  Hardening the IPFS public DHT against eclipse attacks (Vendor Advisory)