Dragonfly Denial-of-Service Vulnerability Due to Improper Traffic Management

Vulnerability

A denial-of-service vulnerability has been identified in Dragonfly versions prior to 2.1.0. The issue arises in the processPieceFromSource method, which is responsible for updating a Task structure during data processing. The method fails to correctly update the usedTraffic field: an uninitialized variable is used to control whether traffic is added, so the metadata is never updated. Because rate limiting relies on this traffic metadata, it is improperly applied, creating a denial-of-service condition for the affected peer.
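
The defect pattern described above, shown as an added illustrative Go sketch that is not Dragonfly's own code: the Task struct, the Limit field, the allow function and the byte sizes are assumptions, and the point is that a control variable left at its zero value silently skips the accounting the limiter depends on, together with the regression check that would catch it.

```go
package main

import "fmt"

// Task is an assumed, simplified stand-in for the per-task metadata whose
// usedTraffic field drives rate limiting (not Dragonfly's real struct).
type Task struct {
	ID          string
	UsedTraffic int64 // bytes accounted so far
	Limit       int64 // bytes allowed before throttling (assumed)
}

// processPieceBuggy mirrors the reported defect pattern: the variable that
// decides whether traffic is added is declared but never assigned, so it keeps
// Go's zero value (false) and the accounting is silently skipped.
func processPieceBuggy(t *Task, piece []byte) {
	var addTraffic bool // never set: always false
	if addTraffic {
		t.UsedTraffic += int64(len(piece))
	}
}

// processPieceFixed always accounts the bytes it just processed.
func processPieceFixed(t *Task, piece []byte) {
	t.UsedTraffic += int64(len(piece))
}

// allow is an illustrative limiter decision that is only correct when
// UsedTraffic is accurate; with stale metadata its answer is meaningless.
func allow(t *Task, pieceLen int) bool {
	return t.UsedTraffic+int64(pieceLen) <= t.Limit
}

// checkAccounting is the regression check a fix would ship with: after
// processing n bytes, UsedTraffic must have grown by exactly n.
func checkAccounting(process func(*Task, []byte), t *Task, piece []byte) error {
	before := t.UsedTraffic
	process(t, piece)
	if got := t.UsedTraffic - before; got != int64(len(piece)) {
		return fmt.Errorf("usedTraffic grew by %d, want %d", got, len(piece))
	}
	return nil
}

func main() {
	piece := make([]byte, 1024) // constructed sample piece
	for _, v := range []struct {
		name string
		fn   func(*Task, []byte)
	}{{"buggy", processPieceBuggy}, {"fixed", processPieceFixed}} {
		t := &Task{ID: "task-1", Limit: 4096}
		fmt.Printf("%s: %v\n", v.name, checkAccounting(v.fn, t, piece))
	}
}
```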

Impact

The vulnerability disrupts the normal task processing by not updating the traffic usage metadata, which is crucial for proper rate limiting. This oversight can lead to a denial-of-service condition, where the affected peer may be overwhelmed or unable to process tasks effectively.

Remediation

Users can upgrade to Dragonfly version 2.1.0 or later to address this vulnerability.

Added: Sep 17, 2025, 8:23 PM
Updated: Sep 17, 2025, 8:23 PM

Vulnerability Rating

Custom Algorithm
spread: 2.4
impact: 2.5
exploitability: 6.0
remediation: 7.7
relevance: 0.6
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.