NRDAX
Submit

← registry

NRDAX-T0327 - Unbounded Registration Storage Exhaustion

memory_amp · active · first seen 2026-07-10

provenance: Reproduced in NullRabbit's attack-reproduction pipeline

mechanism

CVE-2026-35457 (GHSA-v5hw-cv9c-rpg7): libp2p-rendezvous server stores DISCOVER pagination cookies in an unbounded in-memory map (Registrations::cookies) with no size cap / eviction / expiry - a flood

instances (2)

chainprimitivefidelityoriginreproducer (bundle)source
libp2p libp2p_rendezvous_cookie_exhaustion lab reverse-engineered-cve libp2p_rendezvous_cookie_exhaustion https://github.com/advisories/GHSA-v5hw-cv9c-rpg7 ↗
libp2p libp2p_rendezvous_namespace_oom lab reverse-engineered-cve libp2p_rendezvous_namespace_oom https://github.com/advisories/GHSA-cqfx-gf56-8x59 ↗

related (memory_amp)

cite

https://nrdax.com/techniques/NRDAX-T0327

plain

NRDAX Registry. Technique NRDAX-T0327.

bibtex
@misc{nrdax_NRDAX_T0327,
  title = {Unbounded Registration Storage Exhaustion (NRDAX-T0327)},
  howpublished = {NRDAX Registry},
  url = {https://nrdax.com/techniques/NRDAX-T0327},
}
json (csl)
{
  "id": "nrdax-NRDAX-T0327",
  "type": "dataset",
  "title": "Unbounded Registration Storage Exhaustion (NRDAX-T0327)",
  "URL": "https://nrdax.com/techniques/NRDAX-T0327",
  "publisher": "NRDAX Registry"
}