Content Censorship in the InterPlanetary File System (IPFS) via Kademlia DHT abuse
Moderate severity
GitHub Reviewed
Published
Oct 25, 2024
to the GitHub Advisory Database
•
Updated Dec 12, 2024
Description
Published by the National Vulnerability Database
Oct 25, 2024
Published to the GitHub Advisory Database
Oct 25, 2024
Reviewed
Oct 25, 2024
Last updated
Dec 12, 2024
The Kademlia DHT (go-libp2p-kad-dht 0.20.0 and earlier) used in IPFS (0.18.1 and earlier) assigns routing information for content (i.e., information about who holds the content) to be stored by peers whose peer IDs have a small DHT distance from the content ID. This allows an attacker to censor content by generating many Sybil peers whose peer IDs have a small distance from the content ID, thus hijacking the content resolution process.
References