CVE-2022-36023
Summary
| CVE | CVE-2022-36023 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-08-18 16:15:00 UTC |
| Updated | 2023-02-16 02:32:00 UTC |
| Description | Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. If a gateway client application sends a malformed request to a gateway peer it may crash the peer node. Version 2.4.6 checks for the malformed gateway request and returns an error to the gateway client. There are no known workarounds, users must upgrade to version 2.4.6. |
Risk And Classification
Problem Types: CWE-20
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Hyperledger | Fabric | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Remote denial of service in Hyperledger Fabric Gateway · Advisory · hyperledger/fabric · GitHub | CONFIRM | github.com | |
| Release v2.4.6 · hyperledger/fabric · GitHub | MISC | github.com | |
| Add validations to the gateway apis to signal malformed proposal. (backport #3572) by mergify[bot] · Pull Request #3577 · hyperledger/fabric · GitHub | MISC | github.com | |
| Add validations to the gateway apis to signal malformed proposal. by C0rWin · Pull Request #3572 · hyperledger/fabric · GitHub | MISC | github.com | |
| Add validations to the gateway apis to signal malformed proposal. (backport #3572) by mergify[bot] · Pull Request #3576 · hyperledger/fabric · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.