{"containers": {"cna": {"affected": [{"product": "Indy Node", "vendor": "Hyperledger", "versions": [{"status": "affected", "version": "= 1.12.2"}]}], "descriptions": [{"lang": "en", "value": "In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vulnerability. Indy Node has a bug in TAA handling code. The current primary can be crashed with a malformed transaction from a client, which leads to a view change. Repeated rapid view changes have the potential of bringing down the network. This is fixed in version 1.12.3."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2020-06-11T00:05:14", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/hyperledger/indy-node/security/advisories/GHSA-3gw4-m5w7-v89c"}, {"tags": ["x_refsource_MISC"], "url": "https://pypi.org/project/indy-node/1.12.3/"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/hyperledger/indy-node/blob/master/CHANGELOG.md#1123"}], "source": {"advisory": "GHSA-3gw4-m5w7-v89c", "discovery": "UNKNOWN"}, "title": "Uncontrolled Resource Consumption in Indy Node", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2020-11090", "STATE": "PUBLIC", "TITLE": "Uncontrolled Resource Consumption in Indy Node"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Indy Node", "version": {"version_data": [{"version_value": "= 1.12.2"}]}}]}, "vendor_name": "Hyperledger"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vulnerability. Indy Node has a bug in TAA handling code. The current primary can be crashed with a malformed transaction from a client, which leads to a view change. Repeated rapid view changes have the potential of bringing down the network. This is fixed in version 1.12.3."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-400: Uncontrolled Resource Consumption"}]}]}, "references": {"reference_data": [{"name": "https://github.com/hyperledger/indy-node/security/advisories/GHSA-3gw4-m5w7-v89c", "refsource": "CONFIRM", "url": "https://github.com/hyperledger/indy-node/security/advisories/GHSA-3gw4-m5w7-v89c"}, {"name": "https://pypi.org/project/indy-node/1.12.3/", "refsource": "MISC", "url": "https://pypi.org/project/indy-node/1.12.3/"}, {"name": "https://github.com/hyperledger/indy-node/blob/master/CHANGELOG.md#1123", "refsource": "MISC", "url": "https://github.com/hyperledger/indy-node/blob/master/CHANGELOG.md#1123"}]}, "source": {"advisory": "GHSA-3gw4-m5w7-v89c", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:21:14.678Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/hyperledger/indy-node/security/advisories/GHSA-3gw4-m5w7-v89c"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://pypi.org/project/indy-node/1.12.3/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/hyperledger/indy-node/blob/master/CHANGELOG.md#1123"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2020-11090", "datePublished": "2020-06-11T00:05:14", "dateReserved": "2020-03-30T00:00:00", "dateUpdated": "2024-08-04T11:21:14.678Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:linuxfoundation:indy-node:1.12.2:*:*:*:*:*:*:*", "matchCriteriaId": "6DF979BB-4DCF-4234-89F1-ADAD619A80AC", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vulnerability. Indy Node has a bug in TAA handling code. The current primary can be crashed with a malformed transaction from a client, which leads to a view change. Repeated rapid view changes have the potential of bringing down the network. This is fixed in version 1.12.3."}, {"lang": "es", "value": "En Indy Node versi\u00f3n 1.12.2, se presenta una vulnerabilidad de Consumo de Recursos No Controlados. Indy Node presenta un bug en el c\u00f3digo de manejo de TAA. El primario actual puede bloquearse con una transacci\u00f3n malformada de un cliente, lo que conlleva a un cambio de vista. Los cambios repetidos de vista r\u00e1pida tienen el potencial de derribar la red. Esto es corregido en la versi\u00f3n 1.12.3"}], "id": "CVE-2020-11090", "lastModified": "2024-11-21T04:56:46.020", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-11T00:15:22.443", "references": [{"source": "security-advisories@github.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/hyperledger/indy-node/blob/master/CHANGELOG.md#1123"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/hyperledger/indy-node/security/advisories/GHSA-3gw4-m5w7-v89c"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://pypi.org/project/indy-node/1.12.3/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/hyperledger/indy-node/blob/master/CHANGELOG.md#1123"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/hyperledger/indy-node/security/advisories/GHSA-3gw4-m5w7-v89c"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://pypi.org/project/indy-node/1.12.3/"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}