
Cloud Vulnerability DB
A community-led vulnerabilities database
The Nervos CKB (Common Knowledge Base) network was found to have a critical vulnerability in its P2P protocols due to the absence of rate limiting. This vulnerability, identified as GHSA-84x2-2qv6-qg56, affected versions prior to 0.34.0 of the CKB software. The issue was discovered and disclosed on June 5, 2020, impacting all nodes connected to the CKB P2P network (GitHub Advisory).
The vulnerability stems from a design flaw in the P2P protocols where nodes lack proper rate limiting mechanisms. Specifically, in the relay protocol, when a node receives broadcasted transaction hashes (tx_hashes), it marks them in memory to prevent duplicate requests. However, this mechanism can be exploited by generating random transaction hashes, potentially overwhelming the node's memory resources (GitHub Advisory).
The vulnerability affects all nodes connected to the CKB P2P network, making it a critical security concern. When exploited, it could lead to Denial of Service (DoS) attacks, potentially disrupting the network's normal operation and affecting the overall stability of the Nervos CKB network (GitHub Advisory).
The vulnerability was patched in version 0.34.0 of the CKB software. As a workaround, users are advised to apply rate limiting to the data sent to the CKB P2P port. The fix adds a rate limiter keyed by peer and message type that lets through 30 requests per second, a hard cap that still leaves a buffer for short bursts (GitHub Commit).
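As an added illustration of the mitigation described above (this is example code, not the CKB project's own implementation), the following token-bucket limiter is keyed by (peer, message type), refills at 30 tokens per second and holds at most 30 tokens as the burst buffer; the peer ids, the message-type enum and the injected clock are assumptions of the example.

```rust
// Added example: per-peer, per-message-type token bucket in the spirit of the
// CKB 0.34.0 fix. Peer ids, message types and the injected clock are assumed.
use std::collections::HashMap;
use std::time::Duration;

#[derive(Clone, Copy, PartialEq, Eq, Hash, Debug)]
pub enum MessageType {
    GetRelayTransactions, // hypothetical name for "request the txs behind these hashes"
    GetBlocks,            // hypothetical name for a block-sync request
}

struct Bucket {
    tokens: f64,          // remaining budget; fractional after refill
    last_refill: Duration,
}

pub struct RateLimiter {
    rate: f64,            // tokens added per second: the steady-state cap
    burst: f64,           // bucket capacity: how much buffer a quiet peer builds up
    buckets: HashMap<(String, MessageType), Bucket>,
}

impl RateLimiter {
    pub fn new(rate: f64, burst: f64) -> Self {
        RateLimiter { rate, burst, buckets: HashMap::new() }
    }

    /// Returns true if the message may be processed, false if this peer has
    /// used up its budget for this message type. `now` is injected (instead of
    /// reading the wall clock) so the policy can be tested deterministically.
    pub fn check(&mut self, peer: &str, msg: MessageType, now: Duration) -> bool {
        let (rate, burst) = (self.rate, self.burst);
        let b = self
            .buckets
            .entry((peer.to_string(), msg))
            .or_insert(Bucket { tokens: burst, last_refill: now }); // new peers start full
        let elapsed = now.saturating_sub(b.last_refill).as_secs_f64();
        b.tokens = (b.tokens + elapsed * rate).min(burst); // refill, capped at burst
        b.last_refill = now;
        if b.tokens >= 1.0 { b.tokens -= 1.0; true } else { false }
    }
}

/// Feed `n` messages from one peer at the same instant and count how many
/// pass; this is what a flood of random tx_hashes looks like to the limiter.
pub fn accepted_in_flood(l: &mut RateLimiter, peer: &str, msg: MessageType, n: usize, now: Duration) -> usize {
    (0..n).filter(|_| l.check(peer, msg, now)).count()
}
```

Everything beyond the 30 allowed per second is dropped rather than marked in memory, so one flooding peer cannot grow the node's state or starve other peers, whose buckets are independent.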
Source: This report was generated using AI