GHSA-qj6r-fhrc-jj5r
Suggest an improvement- Source
- https://github.com/advisories/GHSA-qj6r-fhrc-jj5r
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/10/GHSA-qj6r-fhrc-jj5r/GHSA-qj6r-fhrc-jj5r.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/GHSA-qj6r-fhrc-jj5r
- Aliases
- Published
- 2022-10-13T19:12:05Z
- Modified
- 2024-07-18T20:12:06.871083Z
- Severity
-
- 7.0 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H CVSS Calculator
- Summary
- Remote denial of service in Hyperledger Fabric Gateway
- Details
-
Impact
If a gateway client application sends a malformed request to a gateway peer it may crash the peer node. This fix checks for the malformed gateway request and returns an error to the gateway client.
Patches
Fixed in v2.4.6.
Workarounds
None, users must upgrade to v2.4.6.
References
https://github.com/hyperledger/fabric/releases/tag/v2.4.6
For more information
If you have any questions or comments about this advisory: * Open an issue in Fabric
Credits
Thank you to Haosheng Wang of OPPO ZIWU Security Lab for this disclosure.
- Database specific
{ "nvd_published_at": "2022-08-18T16:15:00Z", "github_reviewed_at": "2022-10-13T19:12:05Z", "severity": "HIGH", "github_reviewed": true, "cwe_ids": [ "CWE-20" ] }- References
-
- https://github.com/hyperledger/fabric/security/advisories/GHSA-qj6r-fhrc-jj5r
- https://nvd.nist.gov/vuln/detail/CVE-2022-36023
- https://github.com/hyperledger/fabric/pull/3572
- https://github.com/hyperledger/fabric/pull/3576
- https://github.com/hyperledger/fabric/pull/3577
- https://github.com/hyperledger/fabric
- https://github.com/hyperledger/fabric/releases/tag/v2.4.6
Affected packages
Go / github.com/hyperledger/fabric
Package
- Name
- github.com/hyperledger/fabric
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/hyperledger/fabric