mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-29 01:31:20 +00:00
123 lines
3.8 KiB
JSON
123 lines
3.8 KiB
JSON
{
|
|
"id": "CVE-2021-43667",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2021-11-18T16:15:09.073",
|
|
"lastModified": "2021-11-23T16:36:55.640",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0. This bug can be leveraged by constructing a message whose payload is nil and sending this message with the method 'forwardToLeader'. This bug has been admitted and fixed by the developers of Fabric. If leveraged, any leader node will crash."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Se ha detectado una vulnerabilidad en HyperLedger Fabric versiones v1.4.0, v2.0.0, v2.1.0. Este bug puede ser aprovechado al construir un mensaje cuya carga \u00fatil es nula y enviando este mensaje con el m\u00e9todo \"forwardToLeader\". Este error ha sido admitido y corregido por los desarrolladores de Fabric. Si es aprovechado, cualquier nodo l\u00edder ser\u00e1 bloqueado."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "HIGH",
|
|
"baseScore": 7.5,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 3.6
|
|
}
|
|
],
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "LOW",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "PARTIAL",
|
|
"baseScore": 5.0
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 10.0,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-476"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:linuxfoundation:fabric:1.4.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AE1F2B85-8EC3-4525-A3F1-7D2AAD092EC5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:linuxfoundation:fabric:2.0.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1BCE2A3B-73F9-4C60-99D5-D6EEF26FA319"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:linuxfoundation:fabric:2.1.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "B5110702-20BF-45EB-9B53-AC1FB2CEFDC8"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://github.com/hyperledger/fabric/pull/2844",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Patch",
|
|
"Third Party Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://jira.hyperledger.org/browse/FAB-18529",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Exploit",
|
|
"Vendor Advisory"
|
|
]
|
|
}
|
|
]
|
|
} |