GHSA-vjj6-5m9f-wqjw

Source

https://github.com/advisories/GHSA-vjj6-5m9f-wqjw

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vjj6-5m9f-wqjw/GHSA-vjj6-5m9f-wqjw.json

JSON Data

https://api.test.osv.dev/v1/vulns/GHSA-vjj6-5m9f-wqjw

Aliases

CVE-2021-43667

Published

2022-05-25T19:23:25Z

Modified

2023-11-01T04:56:43.642252Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

NULL Pointer Dereference in HyperLedger Fabric

Details

A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0. This bug can be leveraged by constructing a message whose payload is nil and sending this message with the method 'forwardToLeader'. This bug has been admitted and fixed by the developers of Fabric. If leveraged, any leader node will crash.

Database specific

{
    "nvd_published_at": "2021-11-18T16:15:00Z",
    "cwe_ids": [
        "CWE-476"
    ],
    "github_reviewed_at": "2022-05-25T19:23:25Z",
    "github_reviewed": true,
    "severity": "HIGH"
}

References

Affected packages

Go / github.com/hyperledger/fabric

Package

Name: github.com/hyperledger/fabric; View open source insights on deps.dev
Purl: pkg:golang/github.com/hyperledger/fabric

Affected ranges

Type: SEMVER
Events: Introduced

2.3.0

Fixed

2.3.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vjj6-5m9f-wqjw/GHSA-vjj6-5m9f-wqjw.json"

Go / github.com/hyperledger/fabric

Package

Name: github.com/hyperledger/fabric; View open source insights on deps.dev
Purl: pkg:golang/github.com/hyperledger/fabric

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.4

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vjj6-5m9f-wqjw/GHSA-vjj6-5m9f-wqjw.json"