CVE-2021-43669: HTTP Request Smuggling in github.com/hyperledger/fabric
CVSS Score: 7.5 (CVSS 3.1)
Basic Information
CVE ID
GHSA ID
EPSS Score: 0.63576%
CWE
Published: 12/3/2021
Updated: 2/1/2023
KEV Status: No
Technology: Go
Technical Details
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
---|---|---|---|
github.com/hyperledger/fabric | go | < 2.4.0 | 2.4.0 |
Vulnerability Intelligence
Miggo AI
Root Cause Analysis
The GitHub PR #2828 explicitly mentions removing a panic in the ifConfig function to address FAB-18528. The vulnerability description states attackers could crash orderers by sending messages with invalid headers, which aligns with unhandled panics causing process termination. The commit message confirms this was the entry point for malicious payloads via the ordering service's RPC interface.