CVE-2020-11090

Опубликовано: 11 июн. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vulnerability. Indy Node has a bug in TAA handling code. The current primary can be crashed with a malformed transaction from a client, which leads to a view change. Repeated rapid view changes have the potential of bringing down the network. This is fixed in version 1.12.3.

Ссылки

https://github.com/hyperledger/indy-node/blob/master/CHANGELOG.md#1123
Release Notes
Third Party Advisory
https://github.com/hyperledger/indy-node/security/advisories/GHSA-3gw4-m5w7-v89c
Third Party Advisory
https://pypi.org/project/indy-node/1.12.3/
Third Party Advisory
https://github.com/hyperledger/indy-node/blob/master/CHANGELOG.md#1123
Release Notes
Third Party Advisory
https://github.com/hyperledger/indy-node/security/advisories/GHSA-3gw4-m5w7-v89c
Third Party Advisory
https://pypi.org/project/indy-node/1.12.3/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:linuxfoundation:indy-node:1.12.2:*:*:*:*:*:*:*

EPSS

Процентиль: 61%

0.00408

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400

Связанные уязвимости

GHSA-3gw4-m5w7-v89c