223 matches found
BIT-HYPERLEDGER-FABRIC-ORDERER-2022-31121 Improper Input Validation in fabric hyperledger
Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error ...
BIT-HYPERLEDGER-FABRIC-PEER-2022-31121 Improper Input Validation in fabric hyperledger
Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error ...
BIT-HYPERLEDGER-FABRIC-ORDERER-2022-36023 Remote denial of service in Hyperledger Fabric Gateway
Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. If a gateway client application sends a malformed request to a gateway peer it may crash the peer node. Version 2.4.6 checks for the malformed gateway request and returns...
BIT-HYPERLEDGER-FABRIC-TOOLS-2022-36023 Remote denial of service in Hyperledger Fabric Gateway
Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. If a gateway client application sends a malformed request to a gateway peer it may crash the peer node. Version 2.4.6 checks for the malformed gateway request and returns...
BIT-HYPERLEDGER-FABRIC-PEER-2022-36023 Remote denial of service in Hyperledger Fabric Gateway
Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. If a gateway client application sends a malformed request to a gateway peer it may crash the peer node. Version 2.4.6 checks for the malformed gateway request and returns...
BIT-HYPERLEDGER-FABRIC-ORDERER-2022-45196
Hyperledger Fabric 2.3 allows attackers to cause a denial of service orderer crash by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist...
BIT-HYPERLEDGER-FABRIC-PEER-2022-45196
Hyperledger Fabric 2.3 allows attackers to cause a denial of service orderer crash by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist...
BIT-HYPERLEDGER-FABRIC-TOOLS-2022-45196
Hyperledger Fabric 2.3 allows attackers to cause a denial of service orderer crash by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist...
BIT-HYPERLEDGER-FABRIC-TOOLS-2023-46132 Crosslinking transaction attack in hyperledger/fabric
Hyperledger Fabric is an open source permissioned distributed ledger framework. Combining two molecules to one another, called "cross-linking" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a block of transactions...
BIT-HYPERLEDGER-FABRIC-PEER-2023-46132 Crosslinking transaction attack in hyperledger/fabric
Hyperledger Fabric is an open source permissioned distributed ledger framework. Combining two molecules to one another, called "cross-linking" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a block of transactions...
BIT-HYPERLEDGER-FABRIC-ORDERER-2023-46132 Crosslinking transaction attack in hyperledger/fabric
Hyperledger Fabric is an open source permissioned distributed ledger framework. Combining two molecules to one another, called "cross-linking" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a block of transactions...
Hyperledger: Code exec on Github runner via Pull request name
A command injection vulnerability was discovered in the GitHub Actions workflow of the Hyperledger Cacti repository. The vulnerability allowed an attacker to inject arbitrary commands and execute them on the GitHub runner by crafting a malicious pull request title. The vulnerability was present i...
@hyperledger/cactus-plugin-htlc-coordinator-besu (=2.0.0-alpha.2), @hyperledger/cactus-plugin-persistence-ethereum (>=2.0.0-2945-supply-chain-app-build-failed.241 <=2.0.0-main.214) +19 more potentially affected by CVE-2024-21505 via web3-utils (>=4.0.2-dev.a2a232f.0 <=4.2.1-dev.9d65c38.0)
web3-utils NPM version =4.0.2-dev.a2a232f.0, =2.0.0-2945-supply-chain-app-build-failed.241, =2.0.0-2945-supply-chain-app-build-failed.241, =0.0.88, =0.0.84, =0.0.244-test-deposit-improve-v19, =4.0.2-dev.3f49e18.0, =4.0.2-dev.3f49e18.0, =4.0.2-dev.3f49e18.0, =4.0.2-dev.3f49e18.0,...
Hyperledger: Docker Secret Disclosure via GitHub Actions Cache Poisoning
The vulnerability involved the disclosure of Docker secrets through GitHub Actions cache poisoning. The issue was reported and subsequently resolved...
@hyperledger/cactus-plugin-htlc-coordinator-besu (=2.0.0-alpha.2), @hyperledger/cactus-plugin-persistence-ethereum (>=2.0.0-2945-supply-chain-app-build-failed.241 <=2.0.0-main.214) +20 more potentially affected by CVE-2024-21505 via web3-utils (>=4.0.0-alpha.1 <=4.2.1-dev.9d65c38.0)
web3-utils NPM version =4.0.0-alpha.1, =2.0.0-2945-supply-chain-app-build-failed.241, =2.0.0-2945-supply-chain-app-build-failed.241, =0.0.88, =0.0.84, =0.0.244-test-deposit-improve-v19, =4.0.2-dev.3f49e18.0, =4.0.2-dev.3f49e18.0, =4.0.2-dev.3f49e18.0, =4.0.2-dev.3f49e18.0, =4.0.2-dev.3f49e18.0,...
Hyperledger Ursa Information Disclosure Vulnerability
Hyperledger Ursa is a cryptographic library open-sourced by Hyperledger for use with the blockchain. Hyperledger Ursa suffers from an information disclosure vulnerability that is caused by a flaw in the dangling scheme in the CL Signatures implementation. An attacker could exploit the vulnerabili...
Design/Logic Flaw
Ursa is a cryptographic library for use with blockchains. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key is sufficient to...
CVE-2022-31021
CVE-2022-31021 concerns Ursa/AnonCreds CL-Signatures: a weakness where the issuer’s key correctness proof is not published, potentially enabling weakened private keys that could allow verifiers to link presentations to the issuer. The issue applies to the CL-Signatures implementations used in Urs...
CVE-2022-31021 Unlinkability broken in ursa when verifiers use malicious keys
Ursa is a cryptographic library for use with blockchains. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key is sufficient to...
Breaking unlinkability in Identity Mixer using malicious keys
CL Signatures Issuer Key Correctness Proof lacks of prime strength checking A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does not publish a key correctness proof demonstrating that a generated private key ...