CVE-2022-45196
HIGHHyperledger Fabric 2.3 - Denial of Service via Crafted Channel Transaction
Title source: llmDescription
Hyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist.
References (2)
Core 2
Core References
Exploit, Issue Tracking, Third Party Advisory
https://github.com/SmartBFT-Go/fabric/issues/286
Patch, Third Party Advisory
https://github.com/hyperledger/fabric/pull/2934
Scores
CVSS v3
7.5
EPSS
0.0080
EPSS Percentile
51.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-670
Status
published
Products (1)
hyperledger/fabric
2.3
Published
Nov 12, 2022
Tracked Since
Feb 18, 2026