PT-2021-23899 · Unknown · Hyperledger Fabric

Govulnbot · Published 2021-11-18 · Updated 2022-05-25 · CVE-2021-43667

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Hyperledger Fabric versions 1.4.0 through 2.1.0

Description: A bug in Hyperledger Fabric allows an attacker to crash any leader node by constructing a message with a nil payload and sending it using the forwardToLeader method. The developers have acknowledged and fixed this issue.

Recommendations: For Hyperledger Fabric versions 1.4.0, 2.0.0 and 2.1.0, update to a version that includes the fix for this bug. As a temporary workaround, consider restricting the use of the forwardToLeader method until a patch is available.

Exploit

Fix

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

CVE-2021-43667
GHSA-VJJ6-5M9F-WQJW

Affected Products

Hyperledger Fabric