High severity · NVD Advisory · Published Jul 7, 2022 · Updated Apr 23, 2025
Improper Input Validation in fabric hyperledger
CVE-2022-31121
Description
Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions, if a consensus client sends a malformed consensus request to an orderer, it may crash the orderer node. A fix has been added in commit 0f1835949, which checks for missing consensus messages and returns an error to the consensus client if the message is missing. Users are advised to upgrade to version 2.2.7 or 2.4.5. There are no known workarounds for this issue.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/hyperledger/fabric (Go) | < 2.2.7 | 2.2.7 |
| github.com/hyperledger/fabric (Go) | >= 2.3.0, < 2.4.5 | 2.4.5 |
Affected products
- osv-coords (4 versions): pkg:bitnami/hyperledger-fabric-orderer, pkg:bitnami/hyperledger-fabric-peer, pkg:bitnami/hyperledger-fabric-tools, pkg:golang/github.com/hyperledger/fabric; range: < 2.2.7
- (no CPE) range: < 2.2.7
- (no CPE) range: < 2.2.7
- (no CPE) range: < 2.2.7
- (no CPE) range: < 2.2.7
- Range: < 2.2.7
References
- github.com/advisories/GHSA-72x4-cq6r-jp4p (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-31121 (ghsa, ADVISORY)
- github.com/hyperledger/fabric/commit/0f18359493bcbd5f9f9d1a9b05adabfe5da23b06 (ghsa, x_refsource_MISC, WEB)
- github.com/hyperledger/fabric/releases/tag/v2.2.7 (ghsa, x_refsource_MISC, WEB)
- github.com/hyperledger/fabric/releases/tag/v2.4.5 (ghsa, x_refsource_MISC, WEB)
- github.com/hyperledger/fabric/security/advisories/GHSA-72x4-cq6r-jp4p (ghsa, x_refsource_CONFIRM, WEB)