222 matches found
CVE-2022-31121 Improper Input Validation in fabric hyperledger
Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error ...
Hyperledger Fabric 输入验证错误漏洞
Hyperledger Fabric is an enterprise licensed distributed ledger framework. It is used to develop solutions and applications. Hyperledger Fabric suffers from an input validation error vulnerability that stems from incorrect validation of inputs in a consensus request, which could be exploited by a...
Hyperledger: Remote denial of service in HyperLedger Fabric
This issue was caused by a missing check of nil. An orderer to orderer consensus message that contains an empty inner message crashes the node because it attempts to figure out its type and the mere action of determining the type of a nil pointer, causes a panic. Thank you to Haosheng Wang of OPP...
GHSA-VJJ6-5M9F-WQJW NULL Pointer Dereference in HyperLedger Fabric
A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0. This bug can be leveraged by constructing a message whose payload is nil and sending this message with the method 'forwardToLeader'. This bug has been admitted and fixed by the developers of Fabric. If leveraged, any...
NULL Pointer Dereference in HyperLedger Fabric
A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0. This bug can be leveraged by constructing a message whose payload is nil and sending this message with the method 'forwardToLeader'. This bug has been admitted and fixed by the developers of Fabric. If leveraged, any...
Hyperledger: Unauthorized packages modification or secrets exfiltration via GitHub actions
Thank you to @dustywormwood for working closely with the Iroha team to fix this issue. You can learn more about this vulnerability type at https://github.com/nikitastupin/pwnhub. Thanks to the Hyperledger team for thorough remediation and clear communication!...
@biconomy/hyphen-contracts (=1.0.4), @bobanetwork/contracts (=0.0.2) +17 more potentially affected by unknown CVE via @openzeppelin/contracts-upgradeable (>=4.3.0 <=4.4.1)
@openzeppelin/contracts-upgradeable NPM version =4.3.0, =0.0.1, =0.5.0, =3.4.0, =1.5.0, =1.4.0, =1.5.0, =1.4.0, =1.0.0-main.334593a7.46, =2.4.0, =2.0.0, =1.0.0, =2.0.2, =3.0.0-beta, =3.0.1 and more Source cves: unknown CVE Source advisory: OSV:GHSA-M6W8-FQ7V-PH4M...
Security Bulletin: IBM MQ Blockchain bridge dependencies are vulnerable to issues in Apache Log4j (CVE-2021-45105 & CVE-2021-44832)
Summary A Denial of Service issue was identified within the Log4j fix for CVE-2021-45046 that is used by Fabric Gateway to provide logging functionality. Fabric Gateway is used by the IBM MQ blockchain bridge component of IBM MQ to provide connection capability between IBM MQ queue managers and...
Security Bulletin: IBM MQ Blockchain bridge dependencies are vulnerable to an issue in Apache Log4j (CVE-2021-45046)
Summary A Remote Code Execution issue was identified within the Log4j fix for CVE-2021-44228 that is used by Fabric Gateway to provide logging functionality. Fabric Gateway is used by the IBM MQ blockchain bridge component of IBM MQ to provide connection capability between IBM MQ queue managers a...
HTTP Request Smuggling in github.com/hyperledger/fabric
A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.0.1, v2.3.0. It can easily break down as many orderers as the attacker wants. This bug can be leveraged by constructing a message whose header is invalid to the interface Order. This bug has been admitted and fixed by the...
GHSA-J96P-R523-8R3W HTTP Request Smuggling in github.com/hyperledger/fabric
A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.0.1, v2.3.0. It can easily break down as many orderers as the attacker wants. This bug can be leveraged by constructing a message whose header is invalid to the interface Order. This bug has been admitted and fixed by the...
CVE-2021-43669
A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.0.1, v2.3.0. It can easily break down as many orderers as the attacker wants. This bug can be leveraged by constructing a message whose header is invalid to the interface Order. This bug has been admitted and fixed by the...
CVE-2021-43667
A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0. This bug can be leveraged by constructing a message whose payload is nil and sending this message with the method 'forwardToLeader'. This bug has been admitted and fixed by the developers of Fabric. If leveraged, any...
CVE-2021-43669
A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.0.1, v2.3.0. It can easily break down as many orderers as the attacker wants. This bug can be leveraged by constructing a message whose header is invalid to the interface Order. This bug has been admitted and fixed by the...
CVE-2021-43667
A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0. This bug can be leveraged by constructing a message whose payload is nil and sending this message with the method 'forwardToLeader'. This bug has been admitted and fixed by the developers of Fabric. If leveraged, any...
Design/Logic Flaw
A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0. This bug can be leveraged by constructing a message whose payload is nil and sending this message with the method 'forwardToLeader'. This bug has been admitted and fixed by the developers of Fabric. If leveraged, any...
Design/Logic Flaw
A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.0.1, v2.3.0. It can easily break down as many orderers as the attacker wants. This bug can be leveraged by constructing a message whose header is invalid to the interface Order. This bug has been admitted and fixed by the...
CVE-2021-43669
Affected product/versions: Hyperledger Fabric v1.4.0, v2.0.0, v2.0.1, v2.3.0. Vulnerability detail: crafted message with an invalid header to the Order interface can cause disruption of multiple orderers. Root cause: header validation issue at the Order interface; exact code details not provided ...
CVE-2021-43669
A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.0.1, v2.3.0. It can easily break down as many orderers as the attacker wants. This bug can be leveraged by constructing a message whose header is invalid to the interface Order. This bug has been admitted and fixed by the...
CVE-2021-43667
CVE-2021-43667 affects Hyperledger Fabric versions 1.4.0, 2.0.0, and 2.1.0. The vulnerability arises when a message with a nil payload is sent via the forwardToLeader method, which can cause a leader node to crash. The issue has been admitted and fixed by the Fabric developers. The provided sourc...