CVE-2022-36023

HIGH

Hyperledger Fabric < 2.4.6 - Denial of Service via Malformed Gateway Request

Title source: llm

Description

Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. If a gateway client application sends a malformed request to a gateway peer it may crash the peer node. Version 2.4.6 checks for the malformed gateway request and returns an error to the gateway client. There are no known workarounds, users must upgrade to version 2.4.6.

References (5)

Core 5

Core References

Patch

https://github.com/hyperledger/fabric/pull/3572

Patch

https://github.com/hyperledger/fabric/pull/3576

Patch

https://github.com/hyperledger/fabric/pull/3577

Release Notes

https://github.com/hyperledger/fabric/releases/tag/v2.4.6

Third Party Advisory

https://github.com/hyperledger/fabric/security/advisories/GHSA-qj6r-fhrc-jj5r

Scores

CVSS v3 7.0

EPSS 0.0091

EPSS Percentile 55.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-20

Status published

Products (2)

hyperledger/fabric < 2.4.6

hyperledger/fabric 2.4.0 - 2.4.6Go

Published Aug 18, 2022

Tracked Since Feb 18, 2026