CVE-2021-43667

{"id": "CVE-2021-43667", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2021-11-18T16:15:09.073", "references": [{"url": "https://github.com/hyperledger/fabric/pull/2844", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://jira.hyperledger.org/browse/FAB-18529", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/hyperledger/fabric/pull/2844", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://jira.hyperledger.org/browse/FAB-18529", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability has been detected in HyperLedger Fabric v1.4.0, v2.0.0, v2.1.0. This bug can be leveraged by constructing a message whose payload is nil and sending this message with the method 'forwardToLeader'. This bug has been admitted and fixed by the developers of Fabric. If leveraged, any leader node will crash."}, {"lang": "es", "value": "Se ha detectado una vulnerabilidad en HyperLedger Fabric versiones v1.4.0, v2.0.0, v2.1.0. Este bug puede ser aprovechado al construir un mensaje cuya carga \u00fatil es nula y enviando este mensaje con el m\u00e9todo \"forwardToLeader\". Este error ha sido admitido y corregido por los desarrolladores de Fabric. Si es aprovechado, cualquier nodo l\u00edder ser\u00e1 bloqueado."}], "lastModified": "2024-11-21T06:29:34.783", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:fabric:1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AE1F2B85-8EC3-4525-A3F1-7D2AAD092EC5"}, {"criteria": "cpe:2.3:a:linuxfoundation:fabric:2.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1BCE2A3B-73F9-4C60-99D5-D6EEF26FA319"}, {"criteria": "cpe:2.3:a:linuxfoundation:fabric:2.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5110702-20BF-45EB-9B53-AC1FB2CEFDC8"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}