René Helmke 7791f18b51 bootstrap
2023-05-16 16:09:41 +02:00

123 lines
3.8 KiB
JSON

{
"id": "CVE-2021-43667",
"sourceIdentifier": "cve@mitre.org",
"published": "2021-11-18T16:15:09.073",
"lastModified": "2021-11-23T16:36:55.640",
"vulnStatus": "Analyzed",
"descriptions": [
{
"lang": "en",
"value": "A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0. This bug can be leveraged by constructing a message whose payload is nil and sending this message with the method 'forwardToLeader'. This bug has been admitted and fixed by the developers of Fabric. If leveraged, any leader node will crash."
},
{
"lang": "es",
"value": "Se ha detectado una vulnerabilidad en HyperLedger Fabric versiones v1.4.0, v2.0.0, v2.1.0. Este bug puede ser aprovechado al construir un mensaje cuya carga \u00fatil es nula y enviando este mensaje con el m\u00e9todo \"forwardToLeader\". Este error ha sido admitido y corregido por los desarrolladores de Fabric. Si es aprovechado, cualquier nodo l\u00edder ser\u00e1 bloqueado."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "NONE",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-476"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:fabric:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1F2B85-8EC3-4525-A3F1-7D2AAD092EC5"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:fabric:2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1BCE2A3B-73F9-4C60-99D5-D6EEF26FA319"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:linuxfoundation:fabric:2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B5110702-20BF-45EB-9B53-AC1FB2CEFDC8"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/hyperledger/fabric/pull/2844",
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://jira.hyperledger.org/browse/FAB-18529",
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
]
}
]
}