CVE-2022-31121

Improper Input Validation in fabric hyperledger

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error to the consensus client should the message be missing. Users are advised to upgrade to versions 2.2.7 or v2.4.5. There are no known workarounds for this issue.

Hyperledger Fabric es un marco de libro mayor distribuido con permisos. En versiones afectadas, si un cliente de consenso envía una petición de consenso malformada a un ordenante, puede bloquear el nodo ordenante. Ha sido añadida una corrección en el commit 0f1835949 que comprueba si faltan mensajes de consenso y devuelve un error al cliente de consenso si falta el mensaje. Es recomendado a usuarios actualizar a versiones 2.2.7 o v2.4.5. No se presentan mitigaciones conocidas para este problema

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-05-18 CVE Reserved
2022-07-07 CVE Published
2024-02-26 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation

CAPEC

References (4)

URL	Tag	Source
https://github.com/hyperledger/fabric/releases/tag/v2.2.7	Release Notes
https://github.com/hyperledger/fabric/releases/tag/v2.4.5	Release Notes
https://github.com/hyperledger/fabric/security/advisories/GHSA-72x4-cq6r-jp4p	Issue Tracking

URL	Date	SRC

URL	Date	SRC
https://github.com/hyperledger/fabric/commit/0f18359493bcbd5f9f9d1a9b05adabfe5da23b06	2022-07-15

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Hyperledger Search vendor "Hyperledger"		Fabric Search vendor "Hyperledger" for product "Fabric"				< 2.2.7 Search vendor "Hyperledger" for product "Fabric" and version " < 2.2.7"		-		Affected
Hyperledger Search vendor "Hyperledger"		Fabric Search vendor "Hyperledger" for product "Fabric"				>= 2.3.0 < 2.4.5 Search vendor "Hyperledger" for product "Fabric" and version " >= 2.3.0 < 2.4.5"		-		Affected