CVSS3: 5.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS: 0.001 Low
Percentile: 49.3%

If a gateway client application sends a malformed request to a gateway peer, it may crash the peer node.
This fix checks for the malformed gateway request and returns an error to the gateway client.
Fixed in v2.4.6.
Workarounds: None, users must upgrade to v2.4.6.
https://github.com/hyperledger/fabric/releases/tag/v2.4.6
If you have any questions or comments about this advisory:
Thank you to Haosheng Wang of OPPO ZIWU Security Lab for this disclosure.
CPE

Name | Operator | Version |
---|---|---|
github.com/hyperledger/fabric | ge | 2.4.0 |
github.com/hyperledger/fabric | lt | 2.4.6 |

github.com/hyperledger/fabric
github.com/hyperledger/fabric/pull/3572
github.com/hyperledger/fabric/pull/3576
github.com/hyperledger/fabric/pull/3577
github.com/hyperledger/fabric/releases/tag/v2.4.6
github.com/hyperledger/fabric/security/advisories/GHSA-qj6r-fhrc-jj5r
nvd.nist.gov/vuln/detail/CVE-2022-36023