CVE Vulnerability

CVE-2022-36023

Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. If a gateway client application sends a malformed request to a gateway peer it may crash the peer node. Version 2.4.6 checks for the malformed gateway request and returns an error to the gateway client. There are no known workarounds, users must upgrade to version 2.4.6.

5.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://github.com/hyperledger/fabric/releases/tag/v2.4.6 Release Notes
https://github.com/hyperledger/fabric/security/advisories/GHSA-qj6r-fhrc-jj5r Third Party Advisory
https://github.com/hyperledger/fabric/pull/3572 Patch
https://github.com/hyperledger/fabric/pull/3577 Patch
https://github.com/hyperledger/fabric/pull/3576 Patch
Configurations

Configuration 1

cpe:2.3:a:hyperledger:fabric:*:*:*:*:*:*:*:*
Information

Published : 2022-08-18 04:15

Updated : 2023-02-16 02:32

NVD link : CVE-2022-36023

Mitre link : CVE-2022-36023

Products Affected
No products.
CWE
CWE-20