CVE-2021-43667

Опубликовано: 18 нояб. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0. This bug can be leveraged by constructing a message whose payload is nil and sending this message with the method 'forwardToLeader'. This bug has been admitted and fixed by the developers of Fabric. If leveraged, any leader node will crash.

Ссылки

https://github.com/hyperledger/fabric/pull/2844
Patch
Third Party Advisory
https://jira.hyperledger.org/browse/FAB-18529
Exploit
Vendor Advisory
https://github.com/hyperledger/fabric/pull/2844
Patch
Third Party Advisory
https://jira.hyperledger.org/browse/FAB-18529
Exploit
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:linuxfoundation:fabric:1.4.0:*:*:*:*:*:*:*

cpe:2.3:a:linuxfoundation:fabric:2.0.0:*:*:*:*:*:*:*

cpe:2.3:a:linuxfoundation:fabric:2.1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 67%

0.00545

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-476

Связанные уязвимости

GHSA-vjj6-5m9f-wqjw