Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xajZyLWZocmMtamo1cs4AAvUB
Remote denial of service in Hyperledger Fabric Gateway
Impact
If a gateway client application sends a malformed request to a gateway peer it may crash the peer node.
This fix checks for the malformed gateway request and returns an error to the gateway client.
Patches
Fixed in v2.4.6.
Workarounds
None, users must upgrade to v2.4.6.
References
https://github.com/hyperledger/fabric/releases/tag/v2.4.6
For more information
If you have any questions or comments about this advisory:
- Open an issue in Fabric
Credits
Thank you to Haosheng Wang of OPPO ZIWU Security Lab for this disclosure.
Permalink: https://github.com/advisories/GHSA-qj6r-fhrc-jj5rJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xajZyLWZocmMtamo1cs4AAvUB
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: over 1 year ago
Updated: about 1 year ago
CVSS Score: 7.0
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H
Identifiers: GHSA-qj6r-fhrc-jj5r, CVE-2022-36023
References:
- https://github.com/hyperledger/fabric/security/advisories/GHSA-qj6r-fhrc-jj5r
- https://nvd.nist.gov/vuln/detail/CVE-2022-36023
- https://github.com/hyperledger/fabric/releases/tag/v2.4.6
- https://github.com/hyperledger/fabric/pull/3572
- https://github.com/hyperledger/fabric/pull/3576
- https://github.com/hyperledger/fabric/pull/3577
- https://github.com/advisories/GHSA-qj6r-fhrc-jj5r
Blast Radius: 18.2
Affected Packages
go:github.com/hyperledger/fabric
Dependent packages: 322Dependent repositories: 401
Downloads:
Affected Version Ranges: >= 2.4.0, < 2.4.6
Fixed in: 2.4.6
All affected versions:
All unaffected versions: 1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.1.0, 1.1.1, 1.2.0, 1.2.1, 1.3.0, 1.4.0, 1.4.1, 1.4.2, 1.4.3, 1.4.4, 1.4.5, 1.4.6, 1.4.7, 1.4.8, 1.4.9, 1.4.10, 1.4.11, 1.4.12, 2.0.0, 2.0.1, 2.1.0, 2.1.1