Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. Its modular and versatile design satisfies a broad range of industry use cases.
A vulnerability has been detected in Hyperledger Fabric v1.4.0, v2.0.0, and v2.1.0. The bug can be triggered by constructing a message whose payload is nil and sending it with the method 'forwardToLeader'. The Fabric developers have acknowledged and fixed the bug. If leveraged, any leader node will crash.
CVE-2021-43667 - High Severity Vulnerability
Vulnerable Library - github.com/hyperledger/fabric-v1.4.0-rc1.0.20210722174351-9815a7a8f0f7
Library home page: https://proxy.golang.org/github.com/hyperledger/fabric/@v/v1.4.0-rc1.0.20210722174351-9815a7a8f0f7.zip
Path to dependency file: /go.mod
Path to vulnerable library: /go.mod
Dependency Hierarchy:
- **github.com/hyperledger/fabric-v1.4.0-rc1.0.20210722174351-9815a7a8f0f7** (Vulnerable Library)
Found in HEAD commit: 999f5d255a183e22a067e6411929924a0bacd65f
Found in base branch: main
Vulnerability Details
Publish Date: 2021-11-18
URL: CVE-2021-43667
CVSS 3 Score Details (7.5)
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High
Suggested Fix
Type: Upgrade version
Origin: https://github.com/advisories/GHSA-vjj6-5m9f-wqjw
Release Date: 2021-11-18
Fix Resolution: v2.2.4, v2.3.3