+ "details": "## Description\n### Summary\nThe Rust libp2p Gossipsub implementation contains a remotely reachable panic in `backoff` expiry handling. \nAfter a peer sends a crafted `PRUNE` control message with an attacker-controlled, near-maximum `backoff` value, the value is accepted and stored as an `Instant` near the representable upper bound. On a later heartbeat, the implementation performs unchecked `Instant + Duration` arithmetic (`backoff_time + slack`), which can overflow and panic with:\n`overflow when adding duration to instant`\nThis issue is reachable from any Gossipsub peer over normal `TCP + Noise + mplex/yamux` connectivity and requires no further authentication beyond becoming a protocol peer.\n### Attack Scenario\nAn attacker that can establish a libp2p Gossipsub session with a target node can crash the target by sending crafted `PRUNE` control data:\n1. Establish a standard libp2p session (`TCP + Noise`) and negotiate a stream multiplexer (`mplex`/`yamux`).\n2. Open a Gossipsub stream and send an RPC containing `ControlPrune` with a very large `backoff` (chosen near boundary conditions, e.g. `~ i64::MAX - victim_uptime_seconds`; example observed: `9223372036854674580` for ~28h uptime).\n3. The value is parsed from protobuf and passed through `Behaviour::handle_prune()` into mesh/backoff update logic.\n4. Initial storage path uses checked addition (`Instant::now().checked_add(...)`), so the malicious near-max value is retained.\n5. On the next heartbeat (typically within ~43–74s), expiry logic computes `backoff_time + slack` using unchecked addition, which overflows and panics.\n### Impact\nRemote unauthenticated denial of service (critical). \nAny application exposing an affected `libp2p-gossipsub` listener can be crashed by a network-reachable peer that sends crafted `PRUNE` backoff values. 
The crash is triggered during heartbeat processing (not immediately at PRUNE parse time), and can be repeated by reconnecting and replaying the message.\n\n### Differences from CVE-2026-33040\nThis advisory is related to CVE-2026-33040 but it is not the same defect. CVE-2026-33040 addressed overflow during backoff insertion by adding checked arithmetic when converting PRUNE backoff into an Instant. The issue in this advisory occurs at a different location and at a different time: a near-maximum backoff can still be stored successfully, and the crash happens later in the heartbeat path when slack is added to that stored Instant using unchecked arithmetic. This report covers a distinct secondary overflow path in heartbeat expiry handling that remained reachable after the original insertion-side hardening.\n\nThis vulnerability was originally reported by the Security team of the Ethereum Foundation.",
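Review bot: steps 4 and 5 of the attack scenario leave out what happens when `Instant::now().checked_add(...)` returns `None`, so the reader cannot tell how narrow the window is that a crafted `backoff` must land in (small enough to pass the insertion-side check, large enough that `backoff_time + slack` overflows on the next heartbeat); state the behaviour on `None` (dropped, clamped, or logged), give the size of `slack` relative to the example value `9223372036854674580`, and since the `details` text says "typically within ~43–74s" for the next heartbeat, say which timer that interval comes from. The field also never names the affected or fixed `libp2p-gossipsub` version range or the commit that replaced the unchecked `backoff_time + slack` with checked arithmetic, which is the one thing a consumer of this advisory needs to act on; add both alongside the comparison with CVE-2026-33040.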