223 matches found
Hyperledger Fabric Security Vulnerabilities
Hyperledger Fabric is an enterprise licensed distributed ledger framework. It is used to develop solutions and applications. Hyperledger Fabri has a security vulnerability that stems from a flaw in the way hash processing is performed, which allows an attacker to craft a cross-linking block that...
PT-2023-29865 · Unknown · Hyperledger Fabric
Name of the Vulnerable Software and Affected Versions: Hyperledger Fabric versions prior to 2.2.14 and 2.5.5 Description: The issue arises from the way Hyperledger Fabric hashes transactions in a block, which allows an adversary to manipulate the transactions without changing the computed hash of...
Hyperledger: [indy_node]POOL_UPGRADE command injection, Trustee Node can execute command in any other Node`s system.
Vulnerability description not provided...
Security Bulletin: IBM MQ Blockchain bridge dependencies are vulnerable to issues in SnakeYAML (CVE-2022-38749, CVE-2022-38750, CVE-2022-38751 & CVE-2022-38752)
Summary A denial of service issue was identified within SnakeYAML that is used by Fabric Gateway. Fabric Gateway is used by the IBM MQ blockchain bridge component of IBM MQ to provide connection capability between IBM MQ queue managers and Hyperledger Fabric. Vulnerability Details...
Denial Of Service (DoS)
github.com/hyperledger/fabric is vulnerable to Denial Of Service DoS. A remote attacker is able to cause a system panic by repeatedly sending a crafted channel tx with the same channel name, resulting in denial of service conditions...
CVE-2022-45196
Hyperledger Fabric 2.3 allows attackers to cause a denial of service orderer crash by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist...
PYSEC-2022-43055
Hyperledger Fabric 2.3 allows attackers to cause a denial of service orderer crash by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist...
Design/Logic Flaw
Hyperledger Fabric 2.3 allows attackers to cause a denial of service orderer crash by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist...
PYSEC-2022-43055
Hyperledger Fabric 2.3 allows attackers to cause a denial of service orderer crash by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist...
CVE-2022-45196
Hyperledger Fabric 2.3 allows attackers to cause a denial of service orderer crash by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist...
Hyperledger Fabric 资源管理错误漏洞
Hyperledger Fabric is an enterprise licensed distributed ledger framework. It is used to develop solutions and applications. A security vulnerability exists in Hyperledger Fabric version 2.3 that stems from the fact that it allows an attacker to cause a denial of service by repeatedly sending a...
CVE-2022-45196
Hyperledger Fabric 2.3 allows attackers to cause a denial of service orderer crash by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist...
CVE-2022-45196
Hyperledger Fabric 2.3 allows attackers to cause a denial of service orderer crash by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist...
CVE-2022-45196
CVE-2022-45196 affects Hyperledger Fabric 2.3. A vulnerability in the orderer channel handling allows an attacker to cause a denial-of-service (orderer crash) by repeatedly sending a crafted channel transaction with the same channel name. The publicly documented description notes that exploitatio...
Hyperledger: Dependency confusion in https://github.com/hyperledger/aries-mobile-agent-react-native
Vulnerability description not provided...
Hyperledger: CVE-2017-5929: Hyperledger - Arbitrary Deserialization of Untrusted Data
Vulnerability Overview Serialization is a process of converting an object into a sequence of bytes which can be persisted to a disk or database or can be sent through streams. The reverse process of creating object from sequence of bytes is called deserialization. Serialization is commonly used f...
Remote denial of service in Hyperledger Fabric Gateway
Impact If a gateway client application sends a malformed request to a gateway peer it may crash the peer node. This fix checks for the malformed gateway request and returns an error to the gateway client. Patches Fixed in v2.4.6. Workarounds None, users must upgrade to v2.4.6. References...
GHSA-QJ6R-FHRC-JJ5R Remote denial of service in Hyperledger Fabric Gateway
Impact If a gateway client application sends a malformed request to a gateway peer it may crash the peer node. This fix checks for the malformed gateway request and returns an error to the gateway client. Patches Fixed in v2.4.6. Workarounds None, users must upgrade to v2.4.6. References...
Denial Of Service (DOS)
Hyperledger Fabric is vulnerable to denial of service. The vulnerability is due to non validated requests. An attacker can construct requests with invalid channel and chaincode information, which might crash the peer service...
Hyperledger Fabric Denial of Service Vulnerability
Hyperledger Fabric is an enterprise licensed distributed ledger framework. It is used to develop solutions and applications. A denial of service vulnerability exists in versions of Hyperledger Fabric prior to 2.4.0 that stems from not properly handling incoming error messages, which can be...