Lucene search
K
HyperledgerFabric

5 matches found

CVE
CVE
added 2024/08/25 12:0 a.m.85 views

CVE-2024-45244

Hyperledger Fabric (versions up to 3.0.0 and 2.5.x up to 2.5.9) is documented to fail to verify that a request’s timestamp falls within the expected time window. The vulnerability affects the timestamp validation path in Fabric’s request handling, enabling possible manipulation of timestamps to b...

5.3CVSS6.2AI score0.00589EPSS
CVE
CVE
added 2022/08/18 12:0 a.m.83 views

CVE-2022-36023

CVE-2022-36023 affects Hyperledger Fabric (gateway component). A malformed gateway request to a gateway peer can cause the peer to crash. The issue is addressed by upgrading to version 2.4.6, which implements input validation and returns an error to the gateway client instead of crashing. No publ...

7CVSS5.8AI score0.00912EPSS
CVE
CVE
added 2023/11/14 8:23 p.m.82 views

CVE-2023-46132

CVE-2023-46132 describes a cross-linking attack against Hyperledger Fabric blocks where transaction encodings can be manipulated without changing the block hash. The connected documents provide concrete technical details and fixes: Fabric blocks hash transactions by naive concatenation, allowing ...

7.1CVSS6.6AI score0.00519EPSS
CVE
CVE
added 2022/07/07 6:0 p.m.75 views

CVE-2022-31121

Hyperledger Fabric vulnerability CVE-2022-31121 affects Fabric's orderer component. In affected versions, if a consensus client sends a malformed consensus request to an orderer, the orderer may crash. A fix was added in commit 0f1835949 that validates missing consensus messages and returns an er...

7.5CVSS7.4AI score0.01937EPSS
CVE
CVE
added 2022/11/12 12:0 a.m.75 views

CVE-2022-45196

CVE-2022-45196 affects Hyperledger Fabric 2.3. A vulnerability in the orderer channel handling allows an attacker to cause a denial-of-service (orderer crash) by repeatedly sending a crafted channel transaction with the same channel name. The publicly documented description notes that exploitatio...

7.5CVSS7.2AI score0.00797EPSS