CVE-2021-43667

A vulnerability has been detected in Hyperledger Fabric v1.4.0, v2.0.0 and v2.1.0. It can be triggered by constructing a message whose payload is nil and sending it with the method 'forwardToLeader'. The Fabric developers have acknowledged and fixed the bug. If leveraged, any leader node will crash.
References
| Link | Resource |
|---|---|
| https://jira.hyperledger.org/browse/FAB-18529 | Exploit, Vendor Advisory |
| https://github.com/hyperledger/fabric/pull/2844 | Patch, Third Party Advisory |
Configurations

Configuration 1

OR cpe:2.3:a:linuxfoundation:fabric:1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:fabric:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:linuxfoundation:fabric:2.1.0:*:*:*:*:*:*:*

History

23 Nov 2021, 16:36

| Type | Values Removed | Values Added |
|---|---|---|
| CVSS | v2 : unknown, v3 : unknown | v2 : 5.0, v3 : 7.5 |
| References | (MISC) https://jira.hyperledger.org/browse/FAB-18529 - | (MISC) https://jira.hyperledger.org/browse/FAB-18529 - Exploit, Vendor Advisory |
| References | (MISC) https://github.com/hyperledger/fabric/pull/2844 - | (MISC) https://github.com/hyperledger/fabric/pull/2844 - Patch, Third Party Advisory |
| CPE | | cpe:2.3:a:linuxfoundation:fabric:2.1.0:\*:\*:\*:\*:\*:\*:\*, cpe:2.3:a:linuxfoundation:fabric:1.4.0:\*:\*:\*:\*:\*:\*:\*, cpe:2.3:a:linuxfoundation:fabric:2.0.0:\*:\*:\*:\*:\*:\*:\* |
| CWE | | CWE-476 |

18 Nov 2021, 16:15

| Type | Values Removed | Values Added |
|---|---|---|
| New CVE | | |

Information

Published : 2021-11-18 16:15

Updated : 2021-11-23 16:36


NVD link : CVE-2021-43667

Mitre link : CVE-2021-43667



Products Affected

linuxfoundation

  • fabric
CWE
CWE-476

NULL Pointer Dereference