CVE-2021-43669

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-43669

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43669.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-43669

Aliases

GHSA-j96p-r523-8r3w

Published

2021-11-18T16:15:09Z

Modified

2025-01-14T09:59:49.824221Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.0.1, v2.3.0. It can easily break down as many orderers as the attacker wants. This bug can be leveraged by constructing a message whose header is invalid to the interface Order. This bug has been admitted and fixed by the developers of Fabric.

References

Affected packages

Git / github.com/hyperledger/fabric

Affected ranges

Type: GIT
Repo: https://github.com/hyperledger/fabric
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

0432c3e80a271d55fce1835229ab95fee851e6d9

Last affected

1cfa5da98dee4e66a098c993cc6a74705aae74eb

Last affected

d700b43476e803c864c48021e63a78543b60e17e

Last affected

ec81f3e74fa127fc504b1c2249b19ec421ea2a1d

Affected versions

baseimage-v0.*

baseimage-v0.0.11

v0.*

v0.6.0-preview

v0.6.1-preview

v1.*

v1.0.0

v1.0.0-alpha

v1.0.0-alpha2

v1.0.0-beta

v1.0.0-rc1

v1.1.0-alpha

v1.1.0-preview

v1.1.0-rc1

v1.2.0-rc1

v1.3.0-rc1

v1.4.0

v1.4.0-rc1

v1.4.0-rc2

v2.*

v2.0.0

v2.0.0-alpha

v2.0.0-beta

v2.3.0