Vulnerability in Libp2p Rust-yamux
CVE-2026-32314
Yamux is a stream multiplexer over reliable, ordered connections such as TCP/IP. Prior to 0.13.10, the Rust implementation of Yamux can panic when processing a crafted inbound Data frame that sets SYN and uses a body length greater than DE…
EPSS: 0.001 (29.0th percentile) — read the EPSS interpretation.
Affected products
- Libp2p Rust-yamux — versions < 0.13.10
Weakness classification (CWE)
References
- https://github.com/libp2p/rust-yamux/security/advisories/GHSA-vxx9-2994-q338 (x_refsource_CONFIRM)