How severe is CVE-2022-45196?

CVE-2022-45196 has a severity rating of 7.5, which is considered high.

Is there a fix for CVE-2022-45196?

Yes, there is a fix available for CVE-2022-45196. It is recommended to update to the latest version of Hyperledger Fabric.

Where can I find more information about CVE-2022-45196?

More information about CVE-2022-45196 can be found in the following references: [https://github.com/SmartBFT-Go/fabric/issues/286](https://github.com/SmartBFT-Go/fabric/issues/286) and [https://github.com/hyperledger/fabric/pull/2934](https://github.com/hyperledger/fabric/pull/2934).

Vulnerability/
CVE-2022-45196

high

7.5

CWE

670

12/11/2022

1/5/2025

CVE-2022-45196

First published: Sat Nov 12 2022(Updated: )

Hyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist.

Credit: cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Hyperledger Fabric	=2.3
	=2.3

Remedy

https://github.com/hyperledger/fabric/pull/2934

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-45196?
CVE-2022-45196 is a vulnerability in Hyperledger Fabric 2.3 that allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name.
How severe is CVE-2022-45196?
CVE-2022-45196 has a severity rating of 7.5, which is considered high.
How does CVE-2022-45196 affect Hyperledger Fabric 2.3?
CVE-2022-45196 affects Hyperledger Fabric 2.3 by allowing attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name.
Is there a fix for CVE-2022-45196?
Yes, there is a fix available for CVE-2022-45196. It is recommended to update to the latest version of Hyperledger Fabric.
Where can I find more information about CVE-2022-45196?
More information about CVE-2022-45196 can be found in the following references: [https://github.com/SmartBFT-Go/fabric/issues/286](https://github.com/SmartBFT-Go/fabric/issues/286) and [https://github.com/hyperledger/fabric/pull/2934](https://github.com/hyperledger/fabric/pull/2934).

collector/nvd-index
agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/remedy
agent/weakness
agent/severity
agent/first-publish-date
agent/description
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/author
agent/last-modified-date
agent/softwarecombine
agent/event
agent/tags
agent/source
vendor/hyperledger
canonical/hyperledger fabric
version/hyperledger fabric/2.3

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.