Vulnerability Description
Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. If a gateway client application sends a malformed request to a gateway peer, it may crash the peer node. Version 2.4.6 checks for the malformed gateway request and returns an error to the gateway client. There are no known workarounds; users must upgrade to version 2.4.6.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Hyperledger | Fabric | < 2.4.6 |
Related Weaknesses (CWE)
References
- https://github.com/hyperledger/fabric/pull/3572 (Patch)
- https://github.com/hyperledger/fabric/pull/3576 (Patch)
- https://github.com/hyperledger/fabric/pull/3577 (Patch)
- https://github.com/hyperledger/fabric/releases/tag/v2.4.6 (Release Notes)
- https://github.com/hyperledger/fabric/security/advisories/GHSA-qj6r-fhrc-jj5r (Third Party Advisory)
FAQ
What is CVE-2022-36023?
CVE-2022-36023 is a vulnerability with a CVSS score of 7.0 (HIGH). Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. If a gateway client application sends a malformed request to a gateway pe...
How severe is CVE-2022-36023?
CVE-2022-36023 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2022-36023?
Check the references section above for vendor advisories and patch information. Affected products include: Hyperledger Fabric.