Description
Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions, if a consensus client sends a malformed consensus request to an orderer, it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error to the consensus client should the message be missing. Users are advised to upgrade to versions 2.2.7 or v2.4.5. There are no known workarounds for this issue.
Vulnerable configurations
Configuration 1
Version before 2.2.7 (excluding)
Version from 2.3.0 (including) to 2.4.5 (excluding)
One of
cpe:2.3:a:hyperledger:fabric:*:*:*:*:*:*:*:*
cpe:2.3:a:hyperledger:fabric:*:*:*:*:*:*:*:*
EPSS
Percentile: 72%
0.00699
Low
CVSS3: 7.5 High
CVSS2: 5 Medium
Weaknesses
CWE-20
Related vulnerabilities
CVSS3: 7.5
github
more than 3 years ago
Hyperledger Fabric vulnerable to Improper Input Validation in orderer/common/cluster consensus request