CVE-2021-43667
NULL Pointer Dereference in Hyperledger Fabric
7.5
HIGH
CVSS 3.1
EPSS 0.55%
Description
A vulnerability has been detected in Hyperledger Fabric v1.4.0, v2.0.0, and v2.1.0. It can be triggered by constructing a message whose payload is nil and sending that message with the method 'forwardToLeader'. The Fabric developers have acknowledged and fixed the bug. If triggered, any leader node will crash.
How to fix CVE-2021-43667
To remediate CVE-2021-43667, upgrade the affected package to a fixed version below.
- Upgrade to 2.3.3 or later
Is CVE-2021-43667 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 2.3.0, < 2.3.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |