5 matches found
CVE-2024-45244
Hyperledger Fabric (versions up to 3.0.0 and 2.5.x up to 2.5.9) is documented to fail to verify that a request’s timestamp falls within the expected time window. The vulnerability affects the timestamp validation path in Fabric’s request handling, enabling possible manipulation of timestamps to b...
CVE-2022-36023
CVE-2022-36023 affects Hyperledger Fabric (gateway component). A malformed gateway request to a gateway peer can cause the peer to crash. The issue is addressed by upgrading to version 2.4.6, which implements input validation and returns an error to the gateway client instead of crashing. No publ...
CVE-2023-46132
CVE-2023-46132 describes a cross-linking attack against Hyperledger Fabric blocks where transaction encodings can be manipulated without changing the block hash. The connected documents provide concrete technical details and fixes: Fabric blocks hash transactions by naive concatenation, allowing ...
CVE-2022-31121
Hyperledger Fabric vulnerability CVE-2022-31121 affects Fabric's orderer component. In affected versions, if a consensus client sends a malformed consensus request to an orderer, the orderer may crash. A fix was added in commit 0f1835949 that validates missing consensus messages and returns an er...
CVE-2022-45196
CVE-2022-45196 affects Hyperledger Fabric 2.3. A vulnerability in the orderer channel handling allows an attacker to cause a denial-of-service (orderer crash) by repeatedly sending a crafted channel transaction with the same channel name. The publicly documented description notes that exploitatio...