Vulnerabilities > CVE-2020-11090 - Unspecified vulnerability in Linuxfoundation Indy-Node 1.12.2

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

linuxfoundation

NVD

Published: 2020-06-11

Updated: 2024-11-21

Summary

In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vulnerability. Indy Node has a bug in TAA handling code. The current primary can be crashed with a malformed transaction from a client, which leads to a view change. Repeated rapid view changes have the potential of bringing down the network. This is fixed in version 1.12.3.

Vulnerable Configurations

Part	Description	Count
Application	Linuxfoundation Linuxfoundation Indy Node 1.12.2	1

References

https://github.com/hyperledger/indy-node/blob/master/CHANGELOG.md#1123
https://github.com/hyperledger/indy-node/security/advisories/GHSA-3gw4-m5w7-v89c
https://pypi.org/project/indy-node/1.12.3/
https://github.com/hyperledger/indy-node/blob/master/CHANGELOG.md#1123
https://pypi.org/project/indy-node/1.12.3/
https://github.com/hyperledger/indy-node/security/advisories/GHSA-3gw4-m5w7-v89c