CVE-2022-31121: 
NixOS vulnerability analysis and mitigation

Hyperledger Fabric, a permissioned distributed ledger framework, was found to contain an improper input validation vulnerability (CVE-2022-31121) in the orderer/common/cluster consensus request component. The vulnerability affects versions <2.2.7 and >=2.3.0,<2.4.5, and was disclosed on July 7, 2022. The issue allows a consensus client to send malformed consensus requests that could potentially crash the orderer node (GitHub Advisory, NVD).

The vulnerability exists in the orderer/common/cluster component where improper validation of consensus requests could lead to a crash of the orderer node. The issue was classified as CWE-20 (Improper Input Validation) and received a high severity rating. The vulnerability specifically occurs when processing malformed consensus messages, where the system fails to properly validate the input before processing (GitHub Advisory).

If successfully exploited, this vulnerability could allow an attacker to crash the orderer node by sending malformed consensus requests. This could potentially lead to a denial of service condition in the affected Hyperledger Fabric network (GitHub Advisory).

The vulnerability has been fixed in versions 2.2.7 and 2.4.5 of Hyperledger Fabric. The fix implements proper validation of consensus requests and returns an error to the consensus client when malformed requests are detected. There are no known workarounds; users must upgrade to the patched versions (GitHub Release v2.2.7, GitHub Release v2.4.5).