CVE-2022-36023 — Remote denial of service in Hyperledger Fabric Gateway

Description

Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. If a gateway client application sends a malformed request to a gateway peer it may crash the peer node. Version 2.4.6 checks for the malformed gateway request and returns an error to the gateway client. There are no known workarounds, users must upgrade to version 2.4.6.

How to fix CVE-2022-36023

To remediate CVE-2022-36023, upgrade the affected package to a fixed version below.

—upgrade to 2.4.6 or later
—upgrade to 2.4.6 or later
—upgrade to 2.4.6 or later
—upgrade to 2.4.6 or later

Is CVE-2022-36023 being exploited?

Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.

Affected packages (4)

from 0, < 2.4.6
from 0, < 2.4.6
from 0, < 2.4.6
>= 2.4.0, < 2.4.6

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.0	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

References (7)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2022-36023
PATCHgithub.com/hyperledger/fabric
WEBgithub.com/hyperledger/fabric/pull/3572
WEBgithub.com/hyperledger/fabric/pull/3576
WEBgithub.com