{"api_version":"1","generated_at":"2026-05-07T13:14:31+00:00","cve":"CVE-2022-36023","urls":{"html":"https://cve.report/CVE-2022-36023","api":"https://cve.report/api/cve/CVE-2022-36023.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2022-36023","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2022-36023"},"summary":{"title":"CVE-2022-36023","description":"Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. If a gateway client application sends a malformed request to a gateway peer it may crash the peer node. Version 2.4.6 checks for the malformed gateway request and returns an error to the gateway client. There are no known workarounds, users must upgrade to version 2.4.6.","state":"PUBLIC","assigner":"security-advisories@github.com","published_at":"2022-08-18 16:15:00","updated_at":"2023-02-16 02:32:00"},"problem_types":["CWE-20"],"metrics":[],"references":[{"url":"https://github.com/hyperledger/fabric/security/advisories/GHSA-qj6r-fhrc-jj5r","name":"https://github.com/hyperledger/fabric/security/advisories/GHSA-qj6r-fhrc-jj5r","refsource":"CONFIRM","tags":[],"title":"Remote denial of service in Hyperledger Fabric Gateway · Advisory · hyperledger/fabric · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/hyperledger/fabric/releases/tag/v2.4.6","name":"https://github.com/hyperledger/fabric/releases/tag/v2.4.6","refsource":"MISC","tags":[],"title":"Release v2.4.6 · hyperledger/fabric · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://github.com/hyperledger/fabric/pull/3577","name":"https://github.com/hyperledger/fabric/pull/3577","refsource":"MISC","tags":[],"title":"Add validations to the gateway apis to signal malformed proposal. (backport #3572) by mergify[bot] · Pull Request #3577 · hyperledger/fabric · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/hyperledger/fabric/pull/3572","name":"https://github.com/hyperledger/fabric/pull/3572","refsource":"MISC","tags":[],"title":"Add validations to the gateway apis to signal malformed proposal. by C0rWin · Pull Request #3572 · hyperledger/fabric · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/hyperledger/fabric/pull/3576","name":"https://github.com/hyperledger/fabric/pull/3576","refsource":"MISC","tags":[],"title":"Add validations to the gateway apis to signal malformed proposal. (backport #3572) by mergify[bot] · Pull Request #3576 · hyperledger/fabric · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2022-36023","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-36023","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2022","cve_id":"36023","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"hyperledger","cpe5":"fabric","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"security-advisories@github.com","ID":"CVE-2022-36023","STATE":"PUBLIC","TITLE":"Remote denial of service in Hyperledger Fabric Gateway"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"fabric","version":{"version_data":[{"version_value":"< 2.4.6"}]}}]},"vendor_name":"hyperledger"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. If a gateway client application sends a malformed request to a gateway peer it may crash the peer node. Version 2.4.6 checks for the malformed gateway request and returns an error to the gateway client. There are no known workarounds, users must upgrade to version 2.4.6."}]},"impact":{"cvss":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"HIGH","baseScore":7,"baseSeverity":"HIGH","confidentialityImpact":"LOW","integrityImpact":"LOW","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H","version":"3.1"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-20: Improper Input Validation"}]}]},"references":{"reference_data":[{"name":"https://github.com/hyperledger/fabric/security/advisories/GHSA-qj6r-fhrc-jj5r","refsource":"CONFIRM","url":"https://github.com/hyperledger/fabric/security/advisories/GHSA-qj6r-fhrc-jj5r"},{"name":"https://github.com/hyperledger/fabric/releases/tag/v2.4.6","refsource":"MISC","url":"https://github.com/hyperledger/fabric/releases/tag/v2.4.6"},{"name":"https://github.com/hyperledger/fabric/pull/3572","refsource":"MISC","url":"https://github.com/hyperledger/fabric/pull/3572"},{"name":"https://github.com/hyperledger/fabric/pull/3576","refsource":"MISC","url":"https://github.com/hyperledger/fabric/pull/3576"},{"name":"https://github.com/hyperledger/fabric/pull/3577","refsource":"MISC","url":"https://github.com/hyperledger/fabric/pull/3577"}]},"source":{"advisory":"GHSA-qj6r-fhrc-jj5r","discovery":"UNKNOWN"}},"nvd":{"publishedDate":"2022-08-18 16:15:00","lastModifiedDate":"2023-02-16 02:32:00","problem_types":["CWE-20"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"LOW","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":3.9,"impactScore":1.4}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:hyperledger:fabric:*:*:*:*:*:*:*:*","versionEndExcluding":"2.4.6","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}