x/vulndb: potential Go vuln in github.com/hyperledger/fabric: CVE-2022-45196

[GoVulnBot]

CVE-2022-45196 references github.com/hyperledger/fabric, which may be a Go module.

Description:
Hyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2022-45196
• JSON: https://github.com/CVEProject/cvelist/tree/e338e0b09a737a0e4cfa659300c8df359d9d37c2/2022/45xxx/CVE-2022-45196.json
• web: orderer crashes down after receiving fuzzed channel tx. SmartBFT-Go/fabric#286
• fix: FAB-2931: do not create a chain if it's already created hyperledger/fabric#2934
• Imported by: https://pkg.go.dev/github.com/hyperledger/fabric?tab=importedby

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: github.com/hyperledger/fabric
    packages:
      - package: n/a
description: |
    Hyperledger Fabric 2.3 allows attackers to cause a denial of service (orderer crash) by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist.
cves:
  - CVE-2022-45196
references:
  - web: https://github.com/SmartBFT-Go/fabric/issues/286
  - fix: https://github.com/hyperledger/fabric/pull/2934

[gopherbot]

Change https://go.dev/cl/449559 mentions this issue: data/excluded: add Go-2022-110{4,9}.yaml

[gopherbot]

Change https://go.dev/cl/592835 mentions this issue: data/reports: unexclude 50 reports