Bitnami package
hyperledger-fabric-orderer
pkg:bitnami/hyperledger-fabric-orderer
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-41586 | Cri | — | >= 1.0.0, < 2.5.9 | 2.5.9 | May 7, 2026 | Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject() and exposes deSerializeChannel() which call ObjectInputStream.readObject() on untrust | |
| CVE-2024-45244 | — | < 2.5.10 | 2.5.10 | Aug 25, 2024 | Hyperledger Fabric through 3.0.0 and 2.5.x through 2.5.9 do not verify that a request has a timestamp within the expected time window. | ||
| CVE-2023-46132 | — | >= 1.0.0, < 2.2.14 | 2.2.14 | Nov 14, 2023 | Hyperledger Fabric is an open source permissioned distributed ledger framework. Combining two molecules to one another, called "cross-linking" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a bloc | ||
| CVE-2022-45196 | — | >= 2.3.0, < 2.3.1 | 2.3.1 | Nov 12, 2022 | Hyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist. | ||
| CVE-2022-36023 | — | < 2.4.6 | 2.4.6 | Aug 18, 2022 | Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. If a gateway client application sends a malformed request to a gateway peer it may crash the peer node. Version 2.4.6 checks for the malformed gateway re | ||
| CVE-2022-31121 | — | < 2.2.7 | 2.2.7 | Jul 7, 2022 | Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and |
- affected >= 1.0.0, < 2.5.9fixed 2.5.9
Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. From versions 1.0.0 to 2.2.26, Channel.java implements readObject() and exposes deSerializeChannel() which call ObjectInputStream.readObject() on untrust
- CVE-2024-45244Aug 25, 2024affected < 2.5.10fixed 2.5.10
Hyperledger Fabric through 3.0.0 and 2.5.x through 2.5.9 do not verify that a request has a timestamp within the expected time window.
- CVE-2023-46132Nov 14, 2023affected >= 1.0.0, < 2.2.14fixed 2.2.14
Hyperledger Fabric is an open source permissioned distributed ledger framework. Combining two molecules to one another, called "cross-linking" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a bloc
- CVE-2022-45196Nov 12, 2022affected >= 2.3.0, < 2.3.1fixed 2.3.1
Hyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist.
- CVE-2022-36023Aug 18, 2022affected < 2.4.6fixed 2.4.6
Hyperledger Fabric is an enterprise-grade permissioned distributed ledger framework for developing solutions and applications. If a gateway client application sends a malformed request to a gateway peer it may crash the peer node. Version 2.4.6 checks for the malformed gateway re
- CVE-2022-31121Jul 7, 2022affected < 2.2.7fixed 2.2.7
Hyperledger Fabric is a permissioned distributed ledger framework. In affected versions if a consensus client sends a malformed consensus request to an orderer it may crash the orderer node. A fix has been added in commit 0f1835949 which checks for missing consensus messages and