CVE-2022-31121

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-31121

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31121.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-31121

Aliases

Published

2022-07-07T18:00:14Z

Modified

2025-10-22T18:29:03.204424Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Improper Input Validation in fabric hyperledger

Details

Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error to the consensus client should the message be missing. Users are advised to upgrade to versions 2.2.7 or v2.4.5. There are no known workarounds for this issue.

Database specific

{
    "cwe_ids": [
        "CWE-20"
    ]
}

References

Affected packages

Git / github.com/hyperledger/fabric

Affected ranges

Type: GIT
Repo: https://github.com/hyperledger/fabric
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

7f22e997ee4b7a02f301f28250207fed1d977555

Type: GIT
Repo: https://github.com/hyperledger/fabric
Events: Introduced

ec81f3e74fa127fc504b1c2249b19ec421ea2a1d

Fixed

7e2a6b9ec3347731c80ab09f2ade0dd844f90ed8

Affected versions

baseimage-v0.*

baseimage-v0.0.11

v0.*

v0.6.0-preview

v0.6.1-preview

v1.*

v1.0.0

v1.0.0-alpha

v1.0.0-alpha2

v1.0.0-beta

v1.0.0-rc1

v1.1.0-alpha

v1.1.0-preview

v1.1.0-rc1

v1.2.0-rc1

v1.3.0-rc1

v1.4.0-rc1

v2.*

v2.0.0-alpha

v2.0.0-beta

v2.2.0

v2.2.1

v2.2.2

v2.2.3

v2.2.4

v2.2.5

v2.2.6