Security
Headlines
HeadlinesLatestCVEs

Headline

GHSA-9w7j-q3xw-p9vh: Hyperledger Fabric subject to Denial of Service via non-validated request

A vulnerability exists in Hyperledger Fabric < 2.4 could allow an attacker to construct a non-validated request that could cause a denial of service attack. The peer gateway service tries to extract channel and chaincode information from the signed proposal, but it doesn’t check the proposal fields for validity. Therefore a malformed proposal might end up crashing the peer service. This issue has been patched in 2.4.6. There are no known workarounds.

ghsa
Open in Source
#vulnerability#dos#git#perl

Hyperledger Fabric subject to Denial of Service via non-validated request

High severity GitHub Reviewed Published Sep 25, 2022 • Updated Sep 28, 2022

Related news

CVE-2022-35253: Add validations to the gateway apis to signal malformed proposal. (backport #3572) by mergify[bot] · Pull Request #3577 · hyperledger/fabric

A vulnerability exists in Hyperledger Fabric <2.4 could allow an attacker to construct a non-validated request that could cause a denial of service attack.

ghsa: Latest News

GHSA-w5rq-g9r6-vrcg: @dapperduckling/keycloak-connector-server has Reflected XSS Vulnerability in Authentication Flow URL Handling
ghsa