CVE-2021-43667

HIGH7.5EPSS 0.55%

NULL Pointer Dereference in HyperLedger Fabric

Published: 5/25/2022Modified: 11/8/2023

Description

A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0. This bug can be leveraged by constructing a message whose payload is nil and sending this message with the method 'forwardToLeader'. This bug has been admitted and fixed by the developers of Fabric. If leveraged, any leader node will crash.

Affected packages (1)

Go/github.com/hyperledger/fabric>= 2.3.0, < 2.3.3

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References (5)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-43667
PATCHgithub.com/hyperledger/fabric
WEBhttps://github.com/hyperledger/fabric/pull/2838/commits/ebf94b10ecc86d3a91619b98befc52277b1e3474
WEBhttps://github.com/hyperledger/fabric/pull/2844
WEBhttps://jira.hyperledger.org/browse/FAB-18529