Vulnerability Details CVE-2020-12821
Gossipsub 1.0 does not properly resist invalid message spam, such as an eclipse attack or a sybil attack.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://bitcoin.stackexchange.com/questions/61151/eclipse-attack-vs-sybil-attack
- https://gateway.ipfs.io/ipfs/QmPWuNBs8h6a8KamRvGqhTq5UDYJRQsEEy37zDKjujQQQm/Gossipsub%20Evaluation%20Report.pdf
- https://github.com/ipfs/blog/pull/450
- https://github.com/libp2p/specs/blob/master/pubsub/gossipsub/gossipsub-v1.1.md
- https://github.com/libp2p/specs/tree/master/pubsub/gossipsub
- https://bitcoin.stackexchange.com/questions/61151/eclipse-attack-vs-sybil-attack
- https://gateway.ipfs.io/ipfs/QmPWuNBs8h6a8KamRvGqhTq5UDYJRQsEEy37zDKjujQQQm/Gossipsub%20Evaluation%20Report.pdf
- https://github.com/ipfs/blog/pull/450
- https://github.com/libp2p/specs/blob/master/pubsub/gossipsub/gossipsub-v1.1.md
- https://github.com/libp2p/specs/tree/master/pubsub/gossipsub