Skip to content

Remote denial of service in Hyperledger Fabric Gateway

High
denyeart published GHSA-qj6r-fhrc-jj5r Aug 16, 2022

Package

gomod org.hyperledger.fabric.gateway (Go)

Affected versions

2.4.0-2.4.5

Patched versions

2.4.6

Description

Impact

If a gateway client application sends a malformed request to a gateway peer it may crash the peer node.
This fix checks for the malformed gateway request and returns an error to the gateway client.

Patches

Fixed in v2.4.6.

Workarounds

None, users must upgrade to v2.4.6.

References

https://github.com/hyperledger/fabric/releases/tag/v2.4.6

For more information

If you have any questions or comments about this advisory:

Credits

Thank you to Haosheng Wang of OPPO ZIWU Security Lab for this disclosure.

Severity

High

CVE ID

CVE-2022-36023

Weaknesses

Credits