CVE-2021-43667 – github.com/hyperledger/fabric
Package
Manager: go
Name: github.com/hyperledger/fabric
Vulnerable Version: >=2.3.0 <2.3.3 || >=0 <2.2.4
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00545 (percentile: 0.66829)
Details
NULL Pointer Dereference in Hyperledger Fabric
A vulnerability has been detected in Hyperledger Fabric v1.4.0, v2.0.0, v2.1.0. The bug can be triggered by constructing a message whose payload is nil and sending that message with the method 'forwardToLeader'. The Fabric developers have acknowledged and fixed the bug. If leveraged, any leader node will crash.
Metadata
Created: 2022-05-25T19:23:25Z
Modified: 2022-05-25T19:23:25Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vjj6-5m9f-wqjw/GHSA-vjj6-5m9f-wqjw.json
CWE IDs: ["CWE-476"]
Alternative ID: GHSA-vjj6-5m9f-wqjw
Finding: F002
Auto approve: 1