222 matches found
CVE-2022-36023
CVE-2022-36023 affects Hyperledger Fabric (gateway component). A malformed gateway request to a gateway peer can cause the peer to crash. The issue is addressed by upgrading to version 2.4.6, which implements input validation and returns an error to the gateway client instead of crashing. No publ...
Hyperledger Fabric Input Validation Error Vulnerability
Hyperledger Fabric is an enterprise licensed distributed ledger framework. It is used to develop solutions and applications. An input validation error vulnerability exists in Hyperledger Fabric gateway versions prior to 2.4.6, which stems from the possibility of crashing a peer node if the gatewa...
PT-2022-23122 · Unknown · Hyperledger Fabric
Name of the Vulnerable Software and Affected Versions: Hyperledger Fabric versions prior to 2.4.6 Description: Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. If a gateway client application sends a malformed request t...
CVE-2022-36023 Remote denial of service in Hyperledger Fabric Gateway
Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. If a gateway client application sends a malformed request to a gateway peer it may crash the peer node. Version 2.4.6 checks for the malformed gateway request and returns...
Hyperledger: Cross Site Scripting Vulnerability in fabric-sdk-py source code
See this fix on GitHub: https://github.com/hyperledger/fabric-sdk-py/pull/175 Impact: Some old affected versions of this package are vulnerable to Cross-site Scripting (XSS). Passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods i.e. .html,...
Hyperledger: fix(security):Path Traversal Bug
Unsanitized input from CLI argument flows into io.ioutil.ReadFile, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to read arbitrary files. See this fix: https://github.com/hyperledger/fabric/pull/3573 Impact: There is a path traversal...
Hyperledger: Insecure TLS Configuration #3530
An insecure configuration was reported; however, this configuration is set on purpose in test code. Please see the resolved conversation on GitHub...
Hyperledger: fix(cmd-socketio-server): mitigate cross site scripting attack #2068
Please refer to this fix and approve Bounty. See this in GitHub Security Fix @ryjones https://github.com/hyperledger/cactus/pull/2068#issuecomment-1186157206 Impact: fix(cmd-socketio-server): mitigate cross site scripting attack...
Hyperledger: Remote denial of service in HyperLedger Fabric
How to reproduce: 1. Bring up the test network: https://hyperledger-fabric.readthedocs.io/en/latest/test_network.html#bring-up-the-test-network 2. Run the PoC. bash go run poc.go -server=192.168.0.208:7051 go package main import "context" "crypto/tls" "flag" "fmt"...
Hyperledger: Fix : (Security) Mitigate Path Traversal Bug
Unsanitized input from arg0 argument flows into java.io.FileOutputStream, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write to arbitrary files. Impact Being able to access and manipulate an arbitrary path leads to vulnerabilities when a...
GHSA-72X4-CQ6R-JP4P Hyperledger Fabric vulnerable to Improper Input Validation in orderer/common/cluster consensus request
Impact If a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. This fix checks for the malformed consensus request and returns an error to the consensus client. Specific Go Packages Affected github.com/hyperledger/fabric/orderer/common/cluster Patche...
Hyperledger Fabric vulnerable to Improper Input Validation in orderer/common/cluster consensus request
Impact If a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. This fix checks for the malformed consensus request and returns an error to the consensus client. Specific Go Packages Affected github.com/hyperledger/fabric/orderer/common/cluster Patche...
Denial Of Service (DoS)
github.com/hyperledger/fabric is vulnerable to denial of service (DoS) attacks. A remote attacker is able to cause denial of service conditions via sending a malformed consensus request to an orderer and crashing the orderer node...
CVE-2022-31121
Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error ...
Design/Logic Flaw
Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error ...
CVE-2022-31121 Improper Input Validation in fabric hyperledger
Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error ...
CVE-2022-31121
Hyperledger Fabric vulnerability CVE-2022-31121 affects Fabric's orderer component. In affected versions, if a consensus client sends a malformed consensus request to an orderer, the orderer may crash. A fix was added in commit 0f1835949 that validates missing consensus messages and returns an er...