http://45njaf23h5eaejpj6ew4kvmy3f22ada3hkpfybeu6r7dporthnua.b32.i2p/blog/CVE-2023-36325
I was contacted by the i2p project due to
hbapm6 acting very strange (IE: claiming to have a vuln and
refusing to show proof of it or how they triggered it, if you have a
de-anonymization attack for such a network, just share your code and
demonstrate it when asked, it will save so much time for everyone
involved), and after a month or two of cajoling, hbapm6 eventually
managed to de-anonymize a throwaway VPS that was acting as an i2p
router.