3 matches found
CVE-2022-31006
CVE-2022-31006 affects Hyperledger Indy’s indy-node server. In vulnerable versions, an attacker can exhaust the ledger’s allowed client connections, causing a denial of service where the ledger remains functionally operable but unavailable to others until the attack ends. The impact is availabili...
CVE-2020-11093
Hyperledger Indy Node (server for decentralized identity) prior to version 1.12.4 suffers from lack of signature verification on a specific transaction (nym update). The flaw allows any DID to request a nym update for another DID without changing its own ROLE or VERKEY, regardless of sender. Cons...
CVE-2020-11090
Indy Node 1.12.2 contains an Uncontrolled Resource Consumption vulnerability in the TAA handling code. A malformed client transaction can crash the current primary, triggering view changes that, if repeated rapidly, may disrupt the network. The issue is fixed in version 1.12.3; users should upgra...