Vulnerability Details : CVE-2022-36023
Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. If a gateway client application sends a malformed request to a gateway peer, it may crash the peer node. Version 2.4.6 checks for the malformed gateway request and returns an error to the gateway client. There are no known workarounds; users must upgrade to version 2.4.6.
Vulnerability category: Input validation
Products affected by CVE-2022-36023
- cpe:2.3:a:hyperledger:fabric:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-36023
- EPSS score: 0.14% (probability of exploitation activity in the next 30 days)
- Percentile: ~49% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2022-36023
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 | NIST | |
7.0 | HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H | 2.2 | 4.7 | GitHub, Inc. | |
CWE ids for CVE-2022-36023
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: security-advisories@github.com (Primary)
References for CVE-2022-36023
- https://github.com/hyperledger/fabric/security/advisories/GHSA-qj6r-fhrc-jj5r
  Remote denial of service in Hyperledger Fabric Gateway · Advisory · hyperledger/fabric · GitHub (Third Party Advisory)
- https://github.com/hyperledger/fabric/pull/3577
  Add validations to the gateway apis to signal malformed proposal. (backport #3572) by mergify[bot] · Pull Request #3577 · hyperledger/fabric · GitHub (Patch)
- https://github.com/hyperledger/fabric/releases/tag/v2.4.6
  Release v2.4.6 · hyperledger/fabric · GitHub (Release Notes)
- https://github.com/hyperledger/fabric/pull/3576
  Add validations to the gateway apis to signal malformed proposal. (backport #3572) by mergify[bot] · Pull Request #3576 · hyperledger/fabric · GitHub (Patch)
- https://github.com/hyperledger/fabric/pull/3572
  Add validations to the gateway apis to signal malformed proposal. by C0rWin · Pull Request #3572 · hyperledger/fabric · GitHub (Patch)