CVE-2022-36023
Remote denial of service in Hyperledger Fabric Gateway
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. If a gateway client application sends a malformed request to a gateway peer it may crash the peer node. Version 2.4.6 checks for the malformed gateway request and returns an error to the gateway client. There are no known workarounds, users must upgrade to version 2.4.6.
Hyperledger Fabric es un marco de libro mayor distribuido de grado empresarial para desarrollar soluciones y aplicaciones. Si una aplicación de cliente de pasarela envía una petición malformada a un peer de pasarela, puede bloquear el nodo peer. La versión 2.4.6 comprueba la petición malformada de la pasarela y devuelve un error al cliente de la pasarela. No se presentan mitigaciones conocidas, los usuarios deben actualizar a versión 2.4.6.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-07-15 CVE Reserved
- 2022-08-18 CVE Published
- 2024-03-10 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (5)
| URL | Tag | Source |
|---|---|---|
| https://github.com/hyperledger/fabric/releases/tag/v2.4.6 | Release Notes | |
| https://github.com/hyperledger/fabric/security/advisories/GHSA-qj6r-fhrc-jj5r | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/hyperledger/fabric/pull/3572 | 2023-02-16 | |
| https://github.com/hyperledger/fabric/pull/3576 | 2023-02-16 | |
| https://github.com/hyperledger/fabric/pull/3577 | 2023-02-16 |
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Hyperledger Search vendor "Hyperledger" | Fabric Search vendor "Hyperledger" for product "Fabric" | < 2.4.6 Search vendor "Hyperledger" for product "Fabric" and version " < 2.4.6" | - |
Affected
| ||||||