GoogleOSV:GHSA-QJ6R-FHRC-JJ5RRemote denial of service in Hyperledger Fabric Gateway
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
49.3%
Impact
If a gateway client application sends a malformed request to a gateway peer it may crash the peer node.
This fix checks for the malformed gateway request and returns an error to the gateway client.
Patches
Fixed in v2.4.6.
Workarounds
None, users must upgrade to v2.4.6.
References
https://github.com/hyperledger/fabric/releases/tag/v2.4.6
For more information
If you have any questions or comments about this advisory:
- Open an issue in Fabric
Credits
Thank you to Haosheng Wang of OPPO ZIWU Security Lab for this disclosure.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/hyperledger/fabric | ge | 2.4.0 | |
| github.com/hyperledger/fabric | lt | 2.4.6 |
References
github.com/hyperledger/fabric
github.com/hyperledger/fabric/pull/3572
github.com/hyperledger/fabric/pull/3576
github.com/hyperledger/fabric/pull/3577
github.com/hyperledger/fabric/releases/tag/v2.4.6
github.com/hyperledger/fabric/security/advisories/GHSA-qj6r-fhrc-jj5r
nvd.nist.gov/vuln/detail/CVE-2022-36023
Related
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
49.3%