Vulnerability Description
In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vulnerability. Indy Node has a bug in TAA handling code. The current primary can be crashed with a malformed transaction from a client, which leads to a view change. Repeated rapid view changes have the potential of bringing down the network. This is fixed in version 1.12.3.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linuxfoundation | Indy-Node | 1.12.2 |
Related Weaknesses (CWE)
References
- https://github.com/hyperledger/indy-node/blob/master/CHANGELOG.md#1123Release NotesThird Party Advisory
- https://github.com/hyperledger/indy-node/security/advisories/GHSA-3gw4-m5w7-v89cThird Party Advisory
- https://pypi.org/project/indy-node/1.12.3/Third Party Advisory
- https://github.com/hyperledger/indy-node/blob/master/CHANGELOG.md#1123Release NotesThird Party Advisory
- https://github.com/hyperledger/indy-node/security/advisories/GHSA-3gw4-m5w7-v89cThird Party Advisory
- https://pypi.org/project/indy-node/1.12.3/Third Party Advisory
FAQ
What is CVE-2020-11090?
CVE-2020-11090 is a vulnerability with a CVSS score of 7.5 (HIGH). In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vulnerability. Indy Node has a bug in TAA handling code. The current primary can be crashed with a malformed transaction from a clien...
How severe is CVE-2020-11090?
CVE-2020-11090 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-11090?
Check the references section above for vendor advisories and patch information. Affected products include: Linuxfoundation Indy-Node.