Miggo Logo

CVE-2022-31006: Hyperledger indy-node vulnerable to denial of service

7.5

CVSS Score
3.1

Basic Information

EPSS Score
0.2797%
Published
9/16/2022
Updated
2/1/2023
KEV Status
No
Technology
TechnologyPython

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
indy-nodepip>= 0, <= 1.12.6

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from insufficient firewall configuration guidance rather than specific code functions in indy-node. The root cause was inadequate iptables rules in deployment documentation/scripts (setup-iptables.md and setup_iptables script) that allowed connection exhaustion. While the setup_iptables script was modified in the fix, the vulnerability exists at the infrastructure configuration level rather than in application code functions. The CWE-400 classification refers to resource consumption through environmental factors (firewall settings) rather than specific software functions. No code functions in the indy-node package itself are identified as vulnerable with high confidence.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t *n *tt**k*r **n m*x out t** num**r o* *li*nt *onn**tions *llow** *y t** l****r t**t w*s **ploy** usin* *ui**n** provi*** in t** in*y-no** r*pository, l**vin* t** l****r un**l* to ** us** *or its int*n*** purpos*. T** l****r *ont*nt will

Reasoning

T** vuln*r**ility st*ms *rom insu**i*i*nt *ir*w*ll *on*i*ur*tion *ui**n** r*t**r t**n sp**i*i* *o** *un*tions in in*y-no**. T** root **us* w*s in***qu*t* ipt**l*s rul*s in **ploym*nt *o*um*nt*tion/s*ripts (s*tup-ipt**l*s.m* *n* s*tup_ipt**l*s s*ript)