CVE-2022-31121

ADVISORY - github

Summary

Impact

If a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. This fix checks for the malformed consensus request and returns an error to the consensus client.

Specific Go Packages Affected

github.com/hyperledger/fabric/orderer/common/cluster

Patches

Fixed in v2.2.7 and v2.4.5.

Workarounds

None, users must upgrade to v2.2.7 or v2.4.5.

References

https://github.com/hyperledger/fabric/releases/tag/v2.2.7 https://github.com/hyperledger/fabric/releases/tag/v2.4.5

For more information

If you have any questions or comments about this advisory:

Open an issue in Hyperledger Fabric repository

Credits

Thank you to Haosheng Wang of OPPO ZIWU Security Lab for this disclosure.

EPSS Score⁠: 0.00653 (0.705)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-20⁠

Improper Input Validation

ADVISORY - github

CWE-20⁠

Improper Input Validation

ADVISORY - gitlab

CWE-1035⁠

OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities

CWE-20⁠

Improper Input Validation

CWE-937⁠

OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.