CVE-2026-34062 in core-rs-albatrossالمعلومات

الملخص

بحسب MITRE • 22/04/2026

nimiq-libp2p is a Nimiq network implementation based on libp2p. Prior to version 1.3.0, `MessageCodec::read_request` and `read_response` call `read_to_end()` on inbound substreams, so a remote peer can send only a partial frame and keep the substream open. because `Behaviour::new` also sets `with_max_concurrent_streams(1000)`, the node exposes a much larger stalled-slot budget than the library default. The patch for this vulnerability is formally released as part of v1.3.0. No known workarounds are available.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

GitHub M

حجز

25/03/2026

إفشاء

22/04/2026

الاعتدال

تمت الموافقة

إدخال

VDB-359051

CPE

جاهز

CWE

CWE-770 (مؤكد)

CVSS

5.3 (CNA)

EPSS

0.00056

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-34062
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-34062
CVE Details	https://www.cvedetails.com/cve/CVE-2026-34062/

التالي ▸نظرة عامة ◂ السابق

Interested in the pricing of exploits?

See the underground prices here!