vipinsun / fabric-token-sdk

The Fabric Token SDK is a set of APIs and services that lets developers create token-based distributed applications on Hyperledger Fabric.
Apache License 2.0

CVE-2021-43667 (High) detected in github.com/hyperledger/fabric-v1.4.0-rc1.0.20210722174351-9815a7a8f0f7 #43

Open mend-bolt-for-github[bot] opened 8 months ago

mend-bolt-for-github[bot] commented 8 months ago

CVE-2021-43667 - High Severity Vulnerability

Vulnerable Library - github.com/hyperledger/fabric-v1.4.0-rc1.0.20210722174351-9815a7a8f0f7

Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. Its modular and versatile design satisfies a broad range of industry use cases.

Library home page: https://proxy.golang.org/github.com/hyperledger/fabric/@v/v1.4.0-rc1.0.20210722174351-9815a7a8f0f7.zip

Path to dependency file: /go.mod

Path to vulnerable library: /go.mod

Dependency Hierarchy:

- :x: **github.com/hyperledger/fabric-v1.4.0-rc1.0.20210722174351-9815a7a8f0f7** (Vulnerable Library)

Found in HEAD commit: 999f5d255a183e22a067e6411929924a0bacd65f

Found in base branch: main

Vulnerability Details

A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0. This bug can be leveraged by constructing a message whose payload is nil and sending this message with the method 'forwardToLeader'. This bug has been admitted and fixed by the developers of Fabric. If leveraged, any leader node will crash.

Publish Date: 2021-11-18

URL: CVE-2021-43667

CVSS 3 Score Details (7.5)

Base Score Metrics:

- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://github.com/advisories/GHSA-vjj6-5m9f-wqjw

Release Date: 2021-11-18

Fix Resolution: v2.2.4,v2.3.3
