Miggo Logo
Miggo Vulnerability Database
CVE-2021-43669

CVE-2021-43669: HTTP Request Smuggling in github.com/hyperledger/fabric

7.5

CVSS Score
3.1

Basic Information

CVE ID
CVE-2021-43669
GHSA ID
GHSA-j96p-r523-8r3w
EPSS Score
0.63576%
CWE
CWE-444
Published
12/3/2021
Updated
2/1/2023
KEV Status
No
Technology
TechnologyGo

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
github.com/hyperledger/fabricgo< 2.4.02.4.0

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The GitHub PR #2828 explicitly mentions removing a panic in the ifConfig function to address FAB-18528. The vulnerability description states attackers could crash orderers by sending messages with invalid headers, which aligns with unhandled panics causing process termination. The commit message confirms this was the entry point for malicious payloads via the ordering service's RPC interface.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* vuln*r**ility **s ***n **t**t** in *yp*rL****r ***ri* v*.*.*, v*.*.*, v*.*.*, v*.*.*. It **n **sily *r**k *own *s m*ny or**r*rs *s t** *tt**k*r w*nts. T*is *u* **n ** l*v*r**** *y *onstru*tin* * m*ss*** w*os* *****r is inv*li* to t** int*r**** Or**

Reasoning

T** *it*u* PR #**** *xpli*itly m*ntions r*movin* * p*ni* in t** `i**on*i*` *un*tion to ***r*ss ***-*****. T** vuln*r**ility **s*ription st*t*s *tt**k*rs *oul* *r*s* or**r*rs *y s*n*in* m*ss***s wit* inv*li* *****rs, w*i** *li*ns wit* un**n*l** p*ni*s