QwikSec

Security Database

CVE

CWE

Training

CVE-2022-31121

Published: Jul 7, 2022

Modified: Apr 23, 2025

PUBLISHED

CVSS v3.1

7.5

HIGH

Description

Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and returns an error to the consensus client should the message be missing. Users are advised to upgrade to versions 2.2.7 or v2.4.5. There are no known workarounds for this issue.

Vendor	Product	Versions
hyperledger	fabric	affected `< 2.2.7` affected `>= 2.3.0, < 2.4.5`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

https://github.com/hyperledger/fabric/security/advisories/GHSA-72x4-cq6r-jp4p

x_refsource_CONFIRM

https://github.com/hyperledger/fabric/commit/0f18359493bcbd5f9f9d1a9b05adabfe5da23b06

x_refsource_MISC

https://github.com/hyperledger/fabric/releases/tag/v2.2.7

x_refsource_MISC

https://github.com/hyperledger/fabric/releases/tag/v2.4.5

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.