CVE-2022-31121

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-31121

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-31121.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-31121

Aliases

Related

GHSA-72x4-cq6r-jp4p

Published

2022-07-07T18:15:09Z

Modified

2025-01-08T14:13:58.944598Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error to the consensus client should the message be missing. Users are advised to upgrade to versions 2.2.7 or v2.4.5. There are no known workarounds for this issue.

References

Affected packages

Git / github.com/hyperledger/fabric

Affected ranges

Type: GIT
Repo: https://github.com/hyperledger/fabric
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

0f18359493bcbd5f9f9d1a9b05adabfe5da23b06

Fixed

0f18359493bcbd5f9f9d1a9b05adabfe5da23b06

Affected versions

baseimage-v0.*

baseimage-v0.0.11

v0.*

v0.6.0-preview

v0.6.1-preview

v1.*

v1.0.0

v1.0.0-alpha

v1.0.0-alpha2

v1.0.0-beta

v1.0.0-rc1

v1.1.0-alpha

v1.1.0-preview

v1.1.0-rc1

v1.2.0-rc1

v1.3.0-rc1

v1.4.0-rc1

v2.*

v2.0.0-alpha

v2.0.0-beta

v2.4.0

v2.4.0-alpha

v2.4.0-beta

v2.4.1

v2.4.2

v2.4.3

v2.4.4