CVE-2022-31121

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-31121
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-31121.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-31121
Aliases
Published
2022-07-07T18:15:09Z
Modified
2024-07-18T20:11:50.393825Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error to the consensus client should the message be missing. Users are advised to upgrade to versions 2.2.7 or v2.4.5. There are no known workarounds for this issue.

References

Affected packages

Git / github.com/hyperledger/fabric

Affected ranges

Type
GIT
Repo
https://github.com/hyperledger/fabric
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

baseimage-v0.*

baseimage-v0.0.11

v0.*

v0.6.0-preview
v0.6.1-preview

v1.*

v1.0.0
v1.0.0-alpha
v1.0.0-alpha2
v1.0.0-beta
v1.0.0-rc1
v1.1.0-alpha
v1.1.0-preview
v1.1.0-rc1
v1.2.0-rc1
v1.3.0-rc1
v1.4.0-rc1

v2.*

v2.0.0-alpha
v2.0.0-beta
v2.4.0
v2.4.0-alpha
v2.4.0-beta
v2.4.1
v2.4.2
v2.4.3
v2.4.4