exploitDog

CVE-2022-45196

Опубликовано: 12 нояб. 2022

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

Hyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist.

Ссылки

https://github.com/SmartBFT-Go/fabric/issues/286
Exploit
Issue Tracking
Third Party Advisory
https://github.com/hyperledger/fabric/pull/2934
Patch
Third Party Advisory
https://github.com/SmartBFT-Go/fabric/issues/286
Exploit
Issue Tracking
Third Party Advisory
https://github.com/hyperledger/fabric/pull/2934
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hyperledger:fabric:2.3:*:*:*:*:*:*:*

EPSS

Процентиль: 50%

0.00266

Низкий

7.5 High

CVSS3

Дефекты

CWE-670

CWE-670

Связанные уязвимости

GHSA-wp68-67c6-87fh

CVSS3: 7.5

github

около 3 лет назад

Hyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist.

EPSS

Процентиль: 50%

0.00266

Низкий

7.5 High

CVSS3

Дефекты

CWE-670

CWE-670