PT-2022-22660 · Unknown · Hyperledger Fabric

Published: 2022-09-23 · Updated: 2022-12-20 · CVE-2022-35253

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions: Hyperledger Fabric versions prior to 2.4.6

Description: A vulnerability in Hyperledger Fabric could allow an attacker to construct a request that is never validated, potentially causing a denial of service. The peer gateway service fails to check the proposal fields for validity, so a malformed proposal can crash the peer service.

Recommendations: For Hyperledger Fabric versions prior to 2.4.6, update to version 2.4.6 to resolve the issue. As a temporary workaround, consider adding validation checks on proposal fields so that malformed proposals cannot crash the peer service, and restrict access to the peer gateway service to minimize the risk of exploitation until the update can be applied.
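The failure class described above (a request handler that dereferences proposal fields without first checking they are present) and the recommended workaround (validate proposal fields before use) are illustrated by the following Go example. This is an added example, not Hyperledger Fabric's code: the Proposal, Header and ChaincodeSpec types are constructed stand-ins for a gateway request, and the specific fields checked are assumptions, since the advisory does not name which fields were unchecked. It contrasts an unvalidated accessor that panics on a malformed request with a handler that validates first and recovers any residual panic, so one bad request yields an error response rather than a crashed service.

```go
package main

import (
	"errors"
	"fmt"
)

// ErrMalformedProposal is returned for any structurally invalid proposal.
var ErrMalformedProposal = errors.New("malformed proposal")

// Header and ChaincodeSpec are constructed stand-ins for the nested messages a
// gateway proposal carries. They are NOT Hyperledger Fabric's protobuf types;
// pointer fields model how generated protobuf structs leave absent sub-messages nil.
type Header struct {
	ChannelID string
	TxID      string
}

type ChaincodeSpec struct {
	Name string
	Args [][]byte
}

// Proposal is the constructed top-level request type used by this example.
type Proposal struct {
	Header *Header
	Spec   *ChaincodeSpec
}

// unsafeChannelID mirrors the failure class in the advisory: it trusts the
// request shape and dereferences nested fields without checking them first.
func unsafeChannelID(p *Proposal) string {
	return p.Header.ChannelID // nil Header => runtime panic
}

// CrashesWithoutValidation reports whether handling p with no validation would
// panic (which, uncaught in a server goroutine, terminates the whole process).
func CrashesWithoutValidation(p *Proposal) (crashed bool) {
	defer func() {
		if recover() != nil {
			crashed = true
		}
	}()
	_ = unsafeChannelID(p)
	return false
}

// ValidateProposal checks every field the handler will touch, before it is touched.
func ValidateProposal(p *Proposal) error {
	switch {
	case p == nil:
		return fmt.Errorf("%w: nil proposal", ErrMalformedProposal)
	case p.Header == nil:
		return fmt.Errorf("%w: missing header", ErrMalformedProposal)
	case p.Header.ChannelID == "":
		return fmt.Errorf("%w: empty channel id", ErrMalformedProposal)
	case p.Header.TxID == "":
		return fmt.Errorf("%w: empty transaction id", ErrMalformedProposal)
	case p.Spec == nil:
		return fmt.Errorf("%w: missing chaincode spec", ErrMalformedProposal)
	case p.Spec.Name == "":
		return fmt.Errorf("%w: empty chaincode name", ErrMalformedProposal)
	case len(p.Spec.Args) == 0:
		return fmt.Errorf("%w: no chaincode arguments", ErrMalformedProposal)
	}
	return nil
}

// HandleProposal is the hardened handler: validate first, and additionally
// recover any residual panic so a single bad request is answered with an
// error instead of taking the service down.
func HandleProposal(p *Proposal) (channelID string, err error) {
	defer func() {
		if r := recover(); r != nil {
			channelID = ""
			err = fmt.Errorf("%w: recovered panic: %v", ErrMalformedProposal, r)
		}
	}()
	if err := ValidateProposal(p); err != nil {
		return "", err
	}
	return p.Header.ChannelID, nil
}

func main() {
	// Constructed sample requests: one well-formed, one missing its header.
	good := &Proposal{Header: &Header{ChannelID: "mychannel", TxID: "tx-0001"},
		Spec: &ChaincodeSpec{Name: "asset", Args: [][]byte{[]byte("Read"), []byte("a1")}}}
	bad := &Proposal{Spec: &ChaincodeSpec{Name: "asset"}}

	fmt.Println("unvalidated handler panics on bad request:", CrashesWithoutValidation(bad))
	for _, p := range []*Proposal{good, bad} {
		ch, err := HandleProposal(p)
		fmt.Printf("validated handler: channel=%q err=%v\n", ch, err)
	}
}
```

The two layers are deliberate: field validation is the actual fix, because it rejects malformed input at the boundary, while the deferred recover is defence in depth that keeps a missed case from turning into process-wide downtime. In a real gRPC service the same recover would sit in an interceptor so every handler gets it.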

Tags: Fix · RCE · Resource Exhaustion

Weakness Enumeration

Related Identifiers: CVE-2022-35253, GHSA-9W7J-Q3XW-P9VH

Affected Products: Hyperledger Fabric