Описание
Remote denial of service in Hyperledger Fabric Gateway
Impact
If a gateway client application sends a malformed request to a gateway peer it may crash the peer node. This fix checks for the malformed gateway request and returns an error to the gateway client.
Patches
Fixed in v2.4.6.
Workarounds
None, users must upgrade to v2.4.6.
References
https://github.com/hyperledger/fabric/releases/tag/v2.4.6
For more information
If you have any questions or comments about this advisory:
- Open an issue in Fabric
Credits
Thank you to Haosheng Wang of OPPO ZIWU Security Lab for this disclosure.
Ссылки
- https://github.com/hyperledger/fabric/security/advisories/GHSA-qj6r-fhrc-jj5r
- https://nvd.nist.gov/vuln/detail/CVE-2022-36023
- https://github.com/hyperledger/fabric/pull/3572
- https://github.com/hyperledger/fabric/pull/3576
- https://github.com/hyperledger/fabric/pull/3577
- https://github.com/hyperledger/fabric/releases/tag/v2.4.6
Пакеты
github.com/hyperledger/fabric
>= 2.4.0, < 2.4.6
2.4.6
Связанные уязвимости
Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. If a gateway client application sends a malformed request to a gateway peer it may crash the peer node. Version 2.4.6 checks for the malformed gateway request and returns an error to the gateway client. There are no known workarounds, users must upgrade to version 2.4.6.