5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
41.6%
github.com/hyperledger/fabric is vulnerable to denial of service (DoS) attacks. Lack of validations in getChannelAndChaincodeFromSignedProposal
function may cause a peer node crash when a gateway client application sends a malformed request to a gateway peer.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/hyperledger/fabric | le | v2.4.5 | |
github.com/hyperledger/fabric | le | v2.4.5 |
github.com/hyperledger/fabric/commit/468332ca3da1d7a37b0b5bcc749d0f4db718e46c
github.com/hyperledger/fabric/pull/3572
github.com/hyperledger/fabric/pull/3576
github.com/hyperledger/fabric/pull/3577
github.com/hyperledger/fabric/releases/tag/v2.4.6
github.com/hyperledger/fabric/security/advisories/GHSA-qj6r-fhrc-jj5r
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
41.6%