Description
A vulnerability has been detected in Hyperledger Fabric v1.4.0, v2.0.0, and v2.1.0. The bug can be leveraged by constructing a message whose payload is nil and sending it with the method 'forwardToLeader'. The Fabric developers have acknowledged and fixed the bug. If leveraged, any leader node will crash.
References (2)
Core References
Exploit, Vendor Advisory x_refsource_misc
https://jira.hyperledger.org/browse/FAB-18529
Patch, Third Party Advisory x_refsource_misc
https://github.com/hyperledger/fabric/pull/2844
Scores
CVSS v3
7.5
EPSS
0.0054
EPSS Percentile
68.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (4)
hyperledger/fabric
2.3.0 - 2.3.3 (Go)
linuxfoundation/fabric
1.4.0
linuxfoundation/fabric
2.0.0
linuxfoundation/fabric
2.1.0
Published
Nov 18, 2021
Tracked Since
Feb 18, 2026