libp2p Rust Gossipsub Backoff Handling Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in the Rust implementation of the libp2p Gossipsub protocol (the libp2p-gossipsub crate) prior to version 0.49.4. The issue arises when a remote peer sends a crafted PRUNE control message whose backoff field carries an attacker-controlled value near the maximum representable duration. The implementation accepts this value without an upper bound and turns it into an expiry Instant that sits close to the upper limit of what Instant can represent. During a subsequent heartbeat, the implementation adds further time to this value using unchecked Instant arithmetic (the `+` operator on Instant panics rather than wraps on overflow), so the addition overflows and the thread panics. The vulnerability is reachable by any connected Gossipsub peer over the standard transport stack: TCP, Noise for encryption, and either mplex or yamux for stream multiplexing. No authentication or privilege is required beyond being a protocol peer.
Impact
Exploitation of this vulnerability results in a remote, unauthenticated denial of service: the panic crashes the application that embeds the Gossipsub behaviour. The attack is repeatable, since the attacker can simply reconnect and resend the crafted PRUNE message after each restart.
Reproduction
To reproduce this vulnerability, establish a libp2p session with the target over TCP with Noise encryption, and negotiate a stream multiplexer (mplex or yamux). Once the session is active, open a Gossipsub stream and send an RPC carrying a PRUNE control message whose backoff value is chosen to be near the maximum representable limit. The Gossipsub implementation accepts this value and stores the resulting expiry as an Instant. On the next heartbeat, the unchecked addition to that near-maximum Instant overflows, triggering a panic and crashing the application.
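The following is an added example, written for this page and not code from rust-libp2p, that reproduces the arithmetic failure described in the Vulnerability and Reproduction sections in isolation, without any networking. The PRUNE backoff travels on the wire as a 64-bit unsigned number of seconds, so a peer can pick any value up to 2^64-1; the example finds, by binary search over `Instant::checked_add`, the largest whole-second backoff that still fits on the current platform (the "near-maximum" value), stores it exactly as the vulnerable pattern does, and shows that a later unchecked addition of a heartbeat slack panics. It then shows the two hardening steps a fix of this class needs: clamping the peer-supplied backoff at intake and using `checked_add` on the heartbeat path. The function names, the 60-second slack and the one-hour clamp are assumptions chosen for illustration, not the project's own identifiers or configuration.

```rust
use std::panic;
use std::time::{Duration, Instant};

/// Largest number of whole seconds that can be added to `now` without
/// overflowing `Instant` on this platform. Found by binary search over
/// `Instant::checked_add`, because the limit depends on the OS representation.
/// This is the "near-maximum backoff" a malicious PRUNE would carry.
fn max_addable_secs(now: Instant) -> u64 {
    let (mut lo, mut hi) = (0u64, u64::MAX);
    while lo < hi {
        // Upper midpoint so the loop always makes progress; cannot overflow
        // because mid <= hi <= u64::MAX.
        let mid = lo + (hi - lo) / 2 + 1;
        if now.checked_add(Duration::from_secs(mid)).is_some() {
            lo = mid;
        } else {
            hi = mid - 1;
        }
    }
    lo
}

/// Vulnerable intake pattern (illustrative, not the project's code): the
/// peer-supplied backoff is turned into an expiry with no upper bound.
fn store_backoff_unchecked(now: Instant, backoff: Duration) -> Instant {
    now + backoff
}

/// Vulnerable heartbeat pattern: extending the stored expiry with the
/// unchecked `+` operator. Panics when `expiry` is near the Instant limit.
fn backoff_active_unchecked(now: Instant, expiry: Instant, slack: Duration) -> bool {
    now < expiry + slack
}

/// Hardened heartbeat: `checked_add` turns the overflow into `None`, and an
/// unrepresentable expiry is treated as "still backed off" instead of a crash.
fn backoff_active_checked(now: Instant, expiry: Instant, slack: Duration) -> bool {
    match expiry.checked_add(slack) {
        Some(limit) => now < limit,
        None => true,
    }
}

/// Hardened intake: clamp the peer-supplied backoff to an operator-chosen
/// maximum before it becomes an Instant, so the expiry can never approach
/// the representable limit. `max_backoff` is assumed to be a small bound.
fn store_backoff_clamped(now: Instant, backoff: Duration, max_backoff: Duration) -> Instant {
    now + backoff.min(max_backoff)
}

fn main() {
    let now = Instant::now();
    let crafted = Duration::from_secs(max_addable_secs(now)); // attacker's backoff
    let slack = Duration::from_secs(60); // hypothetical heartbeat slack

    // The crafted value is accepted: it fits exactly, so storing it succeeds.
    let expiry = store_backoff_unchecked(now, crafted);

    // The next heartbeat overflows. Silence the default panic message for the demo.
    panic::set_hook(Box::new(|_| {}));
    let outcome = panic::catch_unwind(|| backoff_active_unchecked(now, expiry, slack));
    let _ = panic::take_hook();
    println!("unchecked heartbeat panicked: {}", outcome.is_err());

    // Same inputs through the hardened path: no panic, peer stays backed off.
    println!("checked heartbeat, backoff active: {}", backoff_active_checked(now, expiry, slack));

    // Clamped intake never produces a near-limit expiry in the first place.
    let clamped = store_backoff_clamped(now, crafted, Duration::from_secs(3600));
    println!("clamped expiry is {:?} from now", clamped - now);
}
```

Both hardening steps matter: clamping alone protects this code path, but `checked_add` on every Instant operation that involves peer-influenced durations is what prevents the next unbounded field from reintroducing the same panic.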
Remediation
Users should upgrade the Rust Gossipsub implementation (libp2p-gossipsub) to version 0.49.4 or later, where this vulnerability has been patched. Because the triggering value is supplied by the remote peer, there is no configuration-only workaround on the affected versions; applications that embed the vulnerable crate remain exposed until the dependency is updated.
