CVE-2022-36023
Severity: HIGH 7.0 | EPSS 0.75%
Remote denial of service in Hyperledger Fabric Gateway
Published: 10/13/2022 | Modified: 7/18/2024
Also known as: GHSA-qj6r-fhrc-jj5r, BIT-hyperledger-fabric-orderer-2022-36023, BIT-hyperledger-fabric-peer-2022-36023, BIT-hyperledger-fabric-tools-2022-36023
Description
### Impact

If a gateway client application sends a malformed request to a gateway peer, it may crash the peer node. This fix checks for the malformed gateway request and returns an error to the gateway client.

### Patches

Fixed in v2.4.6.

### Workarounds

None; users must upgrade to v2.4.6.

### References

https://github.com/hyperledger/fabric/releases/tag/v2.4.6

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [Fabric](https://github.com/hyperledger/fabric)

### Credits

Thank you to Haosheng Wang of OPPO ZIWU Security Lab for this disclosure.
Affected packages (4)
- Bitnami/hyperledger-fabric-orderer: from 0, < 2.4.6
- Bitnami/hyperledger-fabric-peer: from 0, < 2.4.6
- Bitnami/hyperledger-fabric-tools: from 0, < 2.4.6
- Go/github.com/hyperledger/fabric: >= 2.4.0, < 2.4.6
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.0 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H |
References (7)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2022-36023
- PATCH: https://github.com/hyperledger/fabric
- WEB: https://github.com/hyperledger/fabric/pull/3572
- WEB: https://github.com/hyperledger/fabric/pull/3576
- WEB: https://github.com/hyperledger/fabric/pull/3577
- WEB: https://github.com/hyperledger/fabric/releases/tag/v2.4.6
- WEB: https://github.com/hyperledger/fabric/security/advisories/GHSA-qj6r-fhrc-jj5r