2.1.0

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

linuxfoundation

CWE-476

NVD

Published: 2021-11-18

Updated: 2021-11-23

Summary

A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0. This bug can be leveraged by constructing a message whose payload is nil and sending this message with the method 'forwardToLeader'. This bug has been admitted and fixed by the developers of Fabric. If leveraged, any leader node will crash.

Vulnerable Configurations

Part	Description	Count
Application	Linuxfoundation Linuxfoundation Fabric 1.4.0 Linuxfoundation Fabric 2.0.0 Linuxfoundation Fabric 2.1.0	3

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

https://jira.hyperledger.org/browse/FAB-18529
https://github.com/hyperledger/fabric/pull/2844