Unknown · Hyperledger Fabric · CVE-2023-46132
**Name of the Vulnerable Software and Affected Versions**
Hyperledger Fabric versions prior to 2.2.14 and 2.5.5
**Description**
The issue arises from the way Hyperledger Fabric hashes transactions in a block, which allows an adversary to manipulate the transactions without changing the computed hash of the block. This can lead to a peer parsing transactions differently, resulting in a deviation of its world state from other peers. The vulnerability can be exploited to create a "cross-linked block" that alters the way peers process transactions, potentially causing a fork in the network. There are no known workarounds for this issue.
**Recommendations**
To resolve the issue, users are advised to upgrade to version 2.2.14 or 2.5.5, which include additional validations to detect potential cross-linking issues before processing blocks.
For versions prior to 2.2.14 and 2.5.5, consider applying the proposed patch that adds a `VerifyTransactionsAreWellFormed` function to ensure the integrity of transactions in a block.
As a temporary workaround, consider implementing additional validation checks on transactions to detect any potential manipulation.
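
Added example (not code from Hyperledger Fabric or from this advisory): a Go sketch of why a block hash that does not commit to transaction boundaries needs the kind of per-transaction validation the fixed versions add before processing a block. It assumes the data hash is taken over the transaction bytes joined with no length prefix, and uses a toy record format (one length byte followed by the payload) in place of the real envelope encoding; `concatHash`, `framedHash` and `wellFormed` are hypothetical names.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// concatHash models a data hash over the transactions joined with no
// separators (assumed construction, not Fabric's own code).
func concatHash(txs [][]byte) [32]byte {
	return sha256.Sum256(bytes.Join(txs, nil))
}

// framedHash also commits to the transaction count and each length, so
// moving a boundary between transactions changes the digest.
func framedHash(txs [][]byte) [32]byte {
	h := sha256.New()
	var n [8]byte
	binary.BigEndian.PutUint64(n[:], uint64(len(txs)))
	h.Write(n[:])
	for _, tx := range txs {
		binary.BigEndian.PutUint64(n[:], uint64(len(tx)))
		h.Write(n[:])
		h.Write(tx)
	}
	var out [32]byte
	copy(out[:], h.Sum(nil))
	return out
}

// wellFormed rejects a block unless every entry is exactly one toy record:
// a length byte followed by that many payload bytes, nothing more or less.
func wellFormed(txs [][]byte) error {
	for i, tx := range txs {
		if len(tx) < 2 || int(tx[0]) != len(tx)-1 {
			return fmt.Errorf("transaction %d is not a single well-formed record", i)
		}
	}
	return nil
}

func main() {
	// Constructed sample data: two toy records, then the same bytes re-split.
	orig := [][]byte{{3, 'a', 'b', 'c'}, {2, 'x', 'y'}}
	resplit := [][]byte{{3, 'a', 'b', 'c', 2}, {'x', 'y'}}
	fmt.Println("concat hashes equal:", concatHash(orig) == concatHash(resplit))
	fmt.Println("framed hashes equal:", framedHash(orig) == framedHash(resplit))
	fmt.Println("orig:", wellFormed(orig), "| resplit:", wellFormed(resplit))
}
```

The unframed hash cannot tell the two splits apart, so a receiver that trusts it alone has to reject any entry that does not parse as exactly one complete record.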