CVE-2022-36023: Remote denial of service in Hyperledger Fabric Gateway
First published: Thu Aug 18 2022(Updated: )
Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. If a gateway client application sends a malformed request to a gateway peer it may crash the peer node. Version 2.4.6 checks for the malformed gateway request and returns an error to the gateway client. There are no known workarounds, users must upgrade to version 2.4.6.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Hyperledger Fabric | <2.4.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-36023?
CVE-2022-36023 is a vulnerability in Hyperledger Fabric that allows a malformed gateway request to crash the peer node.
What is Hyperledger Fabric?
Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications.
How do I know if I am affected by CVE-2022-36023?
If you are using Hyperledger Fabric versions up to and including 2.4.6, you are affected by CVE-2022-36023.
What is the severity of CVE-2022-36023?
The severity of CVE-2022-36023 is high, with a severity value of 5.3.
How can I fix CVE-2022-36023?
To fix CVE-2022-36023, upgrade your Hyperledger Fabric installation to a version higher than 2.4.6.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/remedy
- agent/title
- agent/author
- agent/severity
- agent/first-publish-date
- agent/description
- agent/event
- agent/tags
- agent/source
- vendor/hyperledger
- canonical/hyperledger fabric