CVE-2023-46132 (GCVE-0-2023-46132)

Vulnerability from cvelistv5 – Published: 2023-11-14 20:23 – Updated: 2024-08-29 20:19

Title

Crosslinking transaction attack in hyperledger/fabric

Summary

Hyperledger Fabric is an open source permissioned distributed ledger framework. Combining two molecules to one another, called "cross-linking" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a block of transactions and cross-link the transactions in a way that alters the way the peers parse the transactions. If a first peer receives a block B and a second peer receives a block identical to B but with the transactions being cross-linked, the second peer will parse transactions in a different way and thus its world state will deviate from the first peer. Orderers or peers cannot detect that a block has its transactions cross-linked, because there is a vulnerability in the way Fabric hashes the transactions of blocks. It simply and naively concatenates them, which is insecure and lets an adversary craft a "cross-linked block" (block with cross-linked transactions) which alters the way peers process transactions. For example, it is possible to select a transaction and manipulate a peer to completely avoid processing it, without changing the computed hash of the block. Additional validations have been added in v2.2.14 and v2.5.5 to detect potential cross-linking issues before processing blocks. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Severity ?

7.1 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

CWE

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Assigner

GitHub_M

References

URL

	Vendor	Product	Version
	hyperledger	fabric	Affected: >= 1.0.0, < 2.2.14 Affected: >= 2.3.0, < 2.5.5

GSD-2023-46132

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-46132

Aliases

CVE-2023-46132

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-46132",
    "id": "GSD-2023-46132"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-46132"
      ],
      "details": "Hyperledger Fabric is an open source permissioned distributed ledger framework. Combining two molecules to one another, called \"cross-linking\" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a block of transactions and cross-link the transactions in a way that alters the way the peers parse the transactions. If a first peer receives a block B and a second peer receives a block identical to B but with the transactions being cross-linked, the second peer will parse transactions in a different way and thus its world state will deviate from the first peer. Orderers or peers cannot detect that a block has its transactions cross-linked, because there is a vulnerability in the way Fabric hashes the transactions of blocks. It simply and naively concatenates them, which is insecure and lets an adversary craft a \"cross-linked block\" (block with cross-linked transactions) which alters the way peers process transactions. For example, it is possible to select a transaction and manipulate a peer to completely avoid processing it, without changing the computed hash of the block. Additional validations have been added in v2.2.14 and v2.5.5 to detect potential cross-linking issues before processing blocks. Users are advised to upgrade. There are no known workarounds for this vulnerability.",
      "id": "GSD-2023-46132",
      "modified": "2023-12-13T01:20:52.868585Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2023-46132",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "fabric",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "\u003e= 1.0.0, \u003c 2.2.14"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "\u003e= 2.3.0, \u003c 2.5.5"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "hyperledger"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Hyperledger Fabric is an open source permissioned distributed ledger framework. Combining two molecules to one another, called \"cross-linking\" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a block of transactions and cross-link the transactions in a way that alters the way the peers parse the transactions. If a first peer receives a block B and a second peer receives a block identical to B but with the transactions being cross-linked, the second peer will parse transactions in a different way and thus its world state will deviate from the first peer. Orderers or peers cannot detect that a block has its transactions cross-linked, because there is a vulnerability in the way Fabric hashes the transactions of blocks. It simply and naively concatenates them, which is insecure and lets an adversary craft a \"cross-linked block\" (block with cross-linked transactions) which alters the way peers process transactions. For example, it is possible to select a transaction and manipulate a peer to completely avoid processing it, without changing the computed hash of the block. Additional validations have been added in v2.2.14 and v2.5.5 to detect potential cross-linking issues before processing blocks. Users are advised to upgrade. There are no known workarounds for this vulnerability."
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-362",
                "lang": "eng",
                "value": "CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization (\u0027Race Condition\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/hyperledger/fabric/security/advisories/GHSA-v9w2-543f-h69m",
            "refsource": "MISC",
            "url": "https://github.com/hyperledger/fabric/security/advisories/GHSA-v9w2-543f-h69m"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-v9w2-543f-h69m",
        "discovery": "UNKNOWN"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:hyperledger:fabric:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.5.5",
                "versionStartIncluding": "2.3.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:hyperledger:fabric:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "2.2.14",
                "versionStartIncluding": "1.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2023-46132"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Hyperledger Fabric is an open source permissioned distributed ledger framework. Combining two molecules to one another, called \"cross-linking\" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a block of transactions and cross-link the transactions in a way that alters the way the peers parse the transactions. If a first peer receives a block B and a second peer receives a block identical to B but with the transactions being cross-linked, the second peer will parse transactions in a different way and thus its world state will deviate from the first peer. Orderers or peers cannot detect that a block has its transactions cross-linked, because there is a vulnerability in the way Fabric hashes the transactions of blocks. It simply and naively concatenates them, which is insecure and lets an adversary craft a \"cross-linked block\" (block with cross-linked transactions) which alters the way peers process transactions. For example, it is possible to select a transaction and manipulate a peer to completely avoid processing it, without changing the computed hash of the block. Additional validations have been added in v2.2.14 and v2.5.5 to detect potential cross-linking issues before processing blocks. Users are advised to upgrade. There are no known workarounds for this vulnerability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": []
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/hyperledger/fabric/security/advisories/GHSA-v9w2-543f-h69m",
              "refsource": "",
              "tags": [
                "Exploit",
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://github.com/hyperledger/fabric/security/advisories/GHSA-v9w2-543f-h69m"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-11-22T15:12Z",
      "publishedDate": "2023-11-14T21:15Z"
    }
  }
}

GHSA-V9W2-543F-H69M

Vulnerability from github – Published: 2023-11-14 20:28 – Updated: 2023-11-14 21:37

Summary

Fabric vulnerable to crosslinking transaction attack

Details

Short summary

Combining two molecules to one another, called "cross-linking" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules.

In Fabric, one can take a block of transactions and cross-link the transactions in a way that alters the way the peers parse the transactions. If a first peer receives a block B and a second peer receives a block identical to B but with the transactions being cross-linked, the second peer will parse transactions in a different way and thus its world state will deviate from the first peer.

Orderers or peers cannot detect that a block has its transactions cross-linked, because there is a vulnerability in the way Fabric hashes the transactions of blocks. It simply and naively concatenates them, which is insecure and lets an adversary craft a "cross-linked block" (block with cross-linked transactions) which alters the way peers process transactions. For example, it is possible to select a transaction and manipulate a peer to completely avoid processing it, without changing the computed hash of the block.

Additional validations have been added in v2.2.14 and v2.5.5 to detect potential cross-linking issues before processing blocks.

Impact

In V1 and V2, we only have a crash fault tolerant orderer and as such, the security model Fabric operates in is that the orderer is honest, but peers may be malicious. As such, a peer that replicates a block from a malicious peer can have a state fork.

In V3 which we did not a release a GA yet (only a preview), we have a byzantine fault tolerant orderering service, so the security model that Fabric operates in such a case includes malicious orderers. If the orderer is malicious, it can cause state forks for peers, and can infect non-malicious orderers with cross-linked blocks.

Long summary

In order to create a signature on a big chunk of data such as a block, the data needs to be "compressed" first to the input size of the signature algorithm.

In Fabric's case, we use a hash function which compressed a Fabric block from arbitrary size to a 32 byte string.

In order to understand the problem we need to be more specific: The block structure has three parts to it: (1) Header, (2) Transactions, and (3) Metadata.

When hashing the block, the header and metadata are stitched together and then hashed, and this hash of the header and the metadata is what signed (it's a simplification but let's not get into details)

However, the transactions of the block are not part of the above hash. Instead, the header contains a hash, called the "Data hash" and despite the fact that in the comments it is said: "// The hash of the BlockData, by MerkleTree", actually it is far from being the case, and that is where our problem lies.

The problem is that the way the transactions are hashed gives an attacker some freedom in manipulating the data.

To create the Data Hash, the transactions in the block are concatenated to one another, creating a big long byte array and then this big long byte array is hashed, and this is essentially the Data Hash.

The transactions in the block are a list of raw byte arrays, and when they are concatenated they look like this:

|$$$$$$$$$$$$|*************|@@@@@@@@@@@@|%%%%%%%%%| (The vertical lines " | " represent how transactions are separated in a block.)

When the transactions are concatenated in order to be hashed, the payload that is hashed is: $$$$$$$$$$$$*************@@@@@@@@@@@@%%%%%%%%%

An adversary can't change the bytes of the concatenation, however what it can do, is to modify how transactions are encoded in the block:

For example, consider an adversary wants to manipulate a peer to skip the second transaction (**).

It can then create a block with the transactions as follows:

|$$$$$$$$$$$$*************|@@@@@@@@@@@@|%%%%%%%%%|

Notice that a block with the above transactions has the same concatenation of bytes as the original block, but the block has one less transaction - the first transaction is a concatenation of the first and second transactions in the original block.

When the peer receives this block, it looks at the first transaction and when it parses it, it completely ignores the * bytes, (we will see why soon), and so, an adversary can create a block with the same hash but different transactions and this would create a fork in the network.

I made a small PoC where I created a block with 2 transactions (by invoking two chaincodes at the same time) with a Raft orderer:

    [e][OrdererOrg.orderer] 2023-10-14 23:07:34.076 CEST 0079 INFO [orderer.consensus.etcdraft] propose -> Created block [10] with 2 transactions, there are 0 blocks in flight channel=testchannel node=1

But right after creating the block, I just modified only its transaction content (without modifying the block hash) and then the peers only detect a single transaction inside that block:

    [e][Org2.peer0] 2023-10-14 23:07:34.079 CEST 0099 INFO [kvledger] commit -> [testchannel] Committed block [10] with 1 transaction(s) in 0ms (state_validation=0ms block_and_pvtdata_commit=0ms state_commit=0ms) commitHash=[c5ecca818da9319af2f276dd01cd1337938f20c3535dd23f95a33933a114fe84]

The important takeaway from this experiment is that the peer does not detect any tempering was done to the block. If an attacker performs this attack, the network can be forked silently and no one will notice the network was forked until it's too late.

Patches

Here is the patch I propose (the explanation is further below):

diff --git a/internal/peer/gossip/mcs.go b/internal/peer/gossip/mcs.go
index b46df8b6a..9c3b5c8fd 100644
--- a/internal/peer/gossip/mcs.go
+++ b/internal/peer/gossip/mcs.go
@@ -150,6 +150,10 @@ func (s *MSPMessageCryptoService) VerifyBlock(chainID common.ChannelID, seqNum u
        return fmt.Errorf("Block with id [%d] on channel [%s] does not have metadata. Block not valid.", block.Header.Number, chainID)
    }

+   if err := protoutil.VerifyTransactionsAreWellFormed(block); err != nil {
+       return err
+   }
+
    // - Verify that Header.DataHash is equal to the hash of block.Data
    // This is to ensure that the header is consistent with the data carried by this block
    if !bytes.Equal(protoutil.BlockDataHash(block.Data), block.Header.DataHash) {
diff --git a/orderer/common/cluster/util.go b/orderer/common/cluster/util.go
index e229bebfc..05b1bfaa9 100644
--- a/orderer/common/cluster/util.go
+++ b/orderer/common/cluster/util.go
@@ -260,6 +260,9 @@ func VerifyBlockHash(indexInBuffer int, blockBuff []*common.Block) error {
    if block.Header == nil {
        return errors.New("missing block header")
    }
+   if err := protoutil.VerifyTransactionsAreWellFormed(block); err != nil {
+       return err
+   }
    seq := block.Header.Number
    dataHash := protoutil.BlockDataHash(block.Data)
    // Verify data hash matches the hash in the header
diff --git a/orderer/consensus/smartbft/verifier.go b/orderer/consensus/smartbft/verifier.go
index 2b9fdfc4c..f232a1eae 100644
--- a/orderer/consensus/smartbft/verifier.go
+++ b/orderer/consensus/smartbft/verifier.go
@@ -237,6 +237,10 @@ func verifyHashChain(block *cb.Block, prevHeaderHash string) error {
        return errors.Errorf("previous header hash is %s but expected %s", thisHdrHashOfPrevHdr, prevHeaderHash)
    }

+   if err := protoutil.VerifyTransactionsAreWellFormed(block); err != nil {
+       return err
+   }
+
    dataHash := hex.EncodeToString(block.Header.DataHash)
    actualHashOfData := hex.EncodeToString(protoutil.BlockDataHash(block.Data))
    if dataHash != actualHashOfData {
diff --git a/protoutil/blockutils.go b/protoutil/blockutils.go
index 8527869e4..fca3c386f 100644
--- a/protoutil/blockutils.go
+++ b/protoutil/blockutils.go
@@ -10,6 +10,7 @@ import (
    "bytes"
    "crypto/sha256"
    "encoding/asn1"
+   "encoding/base64"
    "fmt"
    "math/big"

@@ -298,3 +299,35 @@ func searchConsenterIdentityByID(consenters []*cb.Consenter, identifier uint32)
    }
    return nil
 }
+
+func VerifyTransactionsAreWellFormed(block *cb.Block) error {
+   if block == nil || block.Data == nil || len(block.Data.Data) == 0 {
+       return nil
+   }
+
+   for i, rawTx := range block.Data.Data {
+       env := &cb.Envelope{}
+       if err := proto.Unmarshal(rawTx, env); err != nil {
+           return fmt.Errorf("transaction %d is invalid: %v", i, err)
+       }
+
+       if len(env.Payload) == 0 {
+           return fmt.Errorf("transaction %d has no payload", i)
+       }
+
+       if len(env.Signature) == 0 {
+           return fmt.Errorf("transaction %d has no signature", i)
+       }
+
+       expected := MarshalOrPanic(env)
+       if len(expected) < len(rawTx) {
+           return fmt.Errorf("transaction %d has %d trailing bytes", i, len(rawTx)-len(expected))
+       }
+       if !bytes.Equal(expected, rawTx) {
+           return fmt.Errorf("transaction %d (%s) does not match its raw form (%s)", i,
+               base64.StdEncoding.EncodeToString(expected), base64.StdEncoding.EncodeToString(rawTx))
+       }
+   }
+
+   return nil
+}
diff --git a/protoutil/blockutils_test.go b/protoutil/blockutils_test.go
index b2159da9f..2871483f1 100644
--- a/protoutil/blockutils_test.go
+++ b/protoutil/blockutils_test.go
@@ -489,3 +489,109 @@ func TestBlockSignatureVerifierByCreator(t *testing.T) {
    require.Len(t, signatureSet, 1)
    require.Equal(t, []byte("creator1"), signatureSet[0].Identity)
 }
+
+func TestVerifyTransactionsAreWellFormed(t *testing.T) {
+   originalBlock := &cb.Block{
+       Data: &cb.BlockData{
+           Data: [][]byte{
+               marshalOrPanic(&cb.Envelope{
+                   Payload:   []byte{1, 2, 3},
+                   Signature: []byte{4, 5, 6},
+               }),
+               marshalOrPanic(&cb.Envelope{
+                   Payload:   []byte{7, 8, 9},
+                   Signature: []byte{10, 11, 12},
+               }),
+           },
+       },
+   }
+
+   forgedBlock := proto.Clone(originalBlock).(*cb.Block)
+   tmp := make([]byte, len(forgedBlock.Data.Data[0])+len(forgedBlock.Data.Data[1]))
+   copy(tmp, forgedBlock.Data.Data[0])
+   copy(tmp[len(forgedBlock.Data.Data[0]):], forgedBlock.Data.Data[1])
+   forgedBlock.Data.Data = [][]byte{tmp} // Replace transactions {0,1} with transaction {0 || 1}
+
+   for _, tst := range []struct {
+       name          string
+       expectedError string
+       block         *cb.Block
+   }{
+       {
+           name: "empty block",
+       },
+       {
+           name:  "no block data",
+           block: &cb.Block{},
+       },
+       {
+           name:  "no transactions",
+           block: &cb.Block{Data: &cb.BlockData{}},
+       },
+       {
+           name: "single transaction",
+           block: &cb.Block{Data: &cb.BlockData{Data: [][]byte{marshalOrPanic(&cb.Envelope{
+               Payload:   []byte{1, 2, 3},
+               Signature: []byte{4, 5, 6},
+           })}}},
+       },
+       {
+           name:  "good block",
+           block: originalBlock,
+       },
+       {
+           name:          "forged block",
+           block:         forgedBlock,
+           expectedError: "transaction 0 has 10 trailing bytes",
+       },
+       {
+           name:          "no signature",
+           expectedError: "transaction 0 has no signature",
+           block: &cb.Block{
+               Data: &cb.BlockData{
+                   Data: [][]byte{
+                       marshalOrPanic(&cb.Envelope{
+                           Payload: []byte{1, 2, 3},
+                       }),
+                   },
+               },
+           },
+       },
+       {
+           name:          "no payload",
+           expectedError: "transaction 0 has no payload",
+           block: &cb.Block{
+               Data: &cb.BlockData{
+                   Data: [][]byte{
+                       marshalOrPanic(&cb.Envelope{
+                           Signature: []byte{4, 5, 6},
+                       }),
+                   },
+               },
+           },
+       },
+       {
+           name:          "transaction invalid",
+           expectedError: "transaction 0 is invalid: proto: cannot parse invalid wire-format data",
+           block: &cb.Block{
+               Data: &cb.BlockData{
+                   Data: [][]byte{
+                       marshalOrPanic(&cb.Envelope{
+                           Payload:   []byte{1, 2, 3},
+                           Signature: []byte{4, 5, 6},
+                       })[9:],
+                   },
+               },
+           },
+       },
+   } {
+       t.Run(tst.name, func(t *testing.T) {
+           err := protoutil.VerifyTransactionsAreWellFormed(tst.block)
+           if tst.expectedError == "" {
+               require.NoError(t, err)
+           } else {
+               require.EqualError(t, err, tst.expectedError)
+           }
+       })
+   }
+}

The idea is as follows:

When we validate that the block's transactions match the hash in the header, we not only hash the transactions are earlier,

but also ensure that if the transactions in the block are encoded into bytes, they re-create the exact split in the original block: |$$$$$$$$$$$$|***********|@@@@@@@@@|%%%%%%%%%%%|

More specifically, each transaction in the block is parsed and then re-encoded to bytes, and we check that the original encoding of a transaction is as the second encoding after parsing the original bytes of the transaction.

This fix keeps the legacy way of hashing transactions to create the block data hash, but also aims to check if some manipulation was done.

To understand why the fix works, we need to understand how protobuf, the wire protocol that Fabric uses to encode transactions (and almost anything it sends over the wire or writes to disk) encodes a transaction.

A transaction is a protobuf message with two fields of bytes: (1) Payload and (2) Signature.

When encoding a field of bytes, protobuf first writes a tag for the field (a byte) and then writes the length of the field in variable-length encoding, and then the bytes themselves.

For example, to encode a transaction, protobuf writes 10 (the tag for payload), then two bytes for the length of the payload, then the payload, and then 18, the tag for the signature, and then a single byte for the length of the signature, and finally the signature.

Now, we can understand a proof sketch of why my solution works:

Assume in contradiction that an adversary takes a block of transactions and changes the split of the concatenation in a way that changes the transactions for a peer:

From |$$$$$$$$$$$$|************|@@@@@@@@@@@|...|%%%%%%%| to (for example): From |$$$$$$$$$$$$************|@@@@@@@@@@@|...|%%%%%%%|

Since this split is not identical to the original split, there exists at least one transaction index of different size between the two splits. Let's look at the first transaction that is of different size.

For example, for the split:

|$$$$$$$$$$$$|************|@@@@@@@@@@@|...|%%%%%%%| we have two options:

The first transaction of different size is smaller in the new split: |$$$$$$$$$$$$|*****|*******|@@@@@@@@@@@|...|%%%%%%%| In such a case, it must contain both a payload and a signature, so it needs two fields (we can say we will return an error if one of the two is missing). If the protobuf parser detects it lacks bytes to parse a payload, it will fail with an error. Else, it has enough bytes to parse the payload, and then the signature is parsed. If the signature field is too short then we also error similarly.
The first transaction of different size is bigger in the new split: |$$$$$$$$$$$$|************@@@@|@@@@@@@|...|%%%%%%%| In that case, once this transaction is parsed, the extra bytes are skipped, so encoding the transaction to bytes yields a shorter byte array, and we detect a tempering.

Severity ?

7.1 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/hyperledger/fabric"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.0.0-alpha"
            },
            {
              "fixed": "2.2.14"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/hyperledger/fabric"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.3.0"
            },
            {
              "fixed": "2.5.5"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-46132"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-362"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-11-14T20:28:34Z",
    "nvd_published_at": "2023-11-14T21:15:11Z",
    "severity": "HIGH"
  },
  "details": "# Short summary\n\nCombining two molecules to one another, called \"cross-linking\" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. \n\nIn Fabric, one can take a block of transactions and cross-link the transactions in a way that alters the way the peers parse the transactions. If a first peer receives a block `B` and a second peer receives a block identical to `B` but with the transactions being cross-linked, the second peer will parse transactions in a different way and thus its world state will deviate from the first peer. \n\nOrderers or peers cannot detect that a block has its transactions cross-linked, because there is a vulnerability in the way Fabric hashes the transactions of blocks. It simply and naively concatenates them, which is insecure and lets an adversary craft a \"cross-linked block\" (block with cross-linked transactions) which alters the way peers process transactions. \nFor example, it is possible to select a transaction and manipulate a peer to completely avoid processing it, without changing the computed hash of the block.\n\nAdditional validations have been added in v2.2.14 and v2.5.5 to detect potential cross-linking issues before processing blocks.\n\n## Impact\nIn V1 and V2, we only have a crash fault tolerant orderer and as such, the security model Fabric operates in is that the orderer is honest,\nbut peers may be malicious. As such, a peer that replicates a block from a malicious peer can have a state fork.\n\nIn V3 which we did not a release a GA yet (only a preview), we have a byzantine fault tolerant orderering service, so the security model that Fabric operates in such a case includes malicious orderers. If the orderer is malicious, it can cause state forks for peers, and can infect non-malicious orderers with cross-linked blocks.\n\n# Long summary\n\nIn order to create a signature on a big chunk of data  such as a block, the data needs to be \"compressed\" first to the input size of the signature algorithm.\n\nIn Fabric\u0027s case, we use a hash function which compressed a Fabric block from arbitrary size to a 32 byte string.\n\nIn order to understand the problem we need to be more specific: The block structure has three parts to it: (1) Header, (2) Transactions, and (3) Metadata.\n\nWhen hashing the block, the header and metadata are stitched together and then hashed, and this hash of the header and the metadata is what signed (it\u0027s a simplification but let\u0027s not get into details)\n\nHowever, the transactions of the block are not part of the above hash. Instead, the header contains a hash, called the \"Data hash\" and despite the fact that in the comments it is said: \"// The hash of the BlockData, by MerkleTree\", actually it is far from being the case, and that is where our problem lies.\n\nThe problem is that the way the transactions are hashed gives an attacker some freedom in manipulating the data. \n\nTo create the Data Hash, the transactions in the block are concatenated to one another, creating a big long byte array and then this big long byte array is hashed, and this is essentially the Data Hash.\n\nThe transactions in the block are a list of raw byte arrays, and when they are concatenated they look like this:\n\n`|$$$$$$$$$$$$|*************|@@@@@@@@@@@@|%%%%%%%%%|`  (The vertical lines \" | \" represent how transactions are separated in a block.)\n\nWhen the transactions are concatenated in order to be hashed, the payload that is hashed is: \n`$$$$$$$$$$$$*************@@@@@@@@@@@@%%%%%%%%%`\n\nAn adversary can\u0027t change the bytes of the concatenation, however what it can do, is to modify how transactions are encoded in the block:\n\nFor example, consider an adversary wants to manipulate a peer to skip the second transaction (******).\n\nIt can then create a block with the transactions as follows:\n\n`|$$$$$$$$$$$$*************|@@@@@@@@@@@@|%%%%%%%%%| `\n\nNotice that a block with the above transactions has the same concatenation of bytes as the original block, but the block has one less transaction - the first transaction is a concatenation of the first and second transactions in the original block.\n\nWhen the peer receives this block, it looks at the first transaction and when it parses it, it completely ignores the ***** bytes, (we will see why soon), and so, an adversary can create a block with the same hash but different transactions and this would create a fork in the network.\n \nI made a small PoC where I created a block with 2 transactions (by invoking two chaincodes at the same time) with a Raft orderer:\n\n```\n    [e][OrdererOrg.orderer] 2023-10-14 23:07:34.076 CEST 0079 INFO [orderer.consensus.etcdraft] propose -\u003e Created block [10] with 2 transactions, there are 0 blocks in flight channel=testchannel node=1\n```\n\nBut right after creating the block, I just modified only its transaction content (without modifying the block hash) and then the peers only detect a single transaction inside that block:\n \n```\n    [e][Org2.peer0] 2023-10-14 23:07:34.079 CEST 0099 INFO [kvledger] commit -\u003e [testchannel] Committed block [10] with 1 transaction(s) in 0ms (state_validation=0ms block_and_pvtdata_commit=0ms state_commit=0ms) commitHash=[c5ecca818da9319af2f276dd01cd1337938f20c3535dd23f95a33933a114fe84]\n```\n\nThe important takeaway from this experiment is that the peer does not detect any tempering was done to the block. If an attacker performs this attack, the network can be forked silently and no one will notice the network was forked until it\u0027s too late.\n\n \n\n# Patches\nHere is the patch I propose (the explanation is further below): \n\n```\ndiff --git a/internal/peer/gossip/mcs.go b/internal/peer/gossip/mcs.go\nindex b46df8b6a..9c3b5c8fd 100644\n--- a/internal/peer/gossip/mcs.go\n+++ b/internal/peer/gossip/mcs.go\n@@ -150,6 +150,10 @@ func (s *MSPMessageCryptoService) VerifyBlock(chainID common.ChannelID, seqNum u\n \t\treturn fmt.Errorf(\"Block with id [%d] on channel [%s] does not have metadata. Block not valid.\", block.Header.Number, chainID)\n \t}\n \n+\tif err := protoutil.VerifyTransactionsAreWellFormed(block); err != nil {\n+\t\treturn err\n+\t}\n+\n \t// - Verify that Header.DataHash is equal to the hash of block.Data\n \t// This is to ensure that the header is consistent with the data carried by this block\n \tif !bytes.Equal(protoutil.BlockDataHash(block.Data), block.Header.DataHash) {\ndiff --git a/orderer/common/cluster/util.go b/orderer/common/cluster/util.go\nindex e229bebfc..05b1bfaa9 100644\n--- a/orderer/common/cluster/util.go\n+++ b/orderer/common/cluster/util.go\n@@ -260,6 +260,9 @@ func VerifyBlockHash(indexInBuffer int, blockBuff []*common.Block) error {\n \tif block.Header == nil {\n \t\treturn errors.New(\"missing block header\")\n \t}\n+\tif err := protoutil.VerifyTransactionsAreWellFormed(block); err != nil {\n+\t\treturn err\n+\t}\n \tseq := block.Header.Number\n \tdataHash := protoutil.BlockDataHash(block.Data)\n \t// Verify data hash matches the hash in the header\ndiff --git a/orderer/consensus/smartbft/verifier.go b/orderer/consensus/smartbft/verifier.go\nindex 2b9fdfc4c..f232a1eae 100644\n--- a/orderer/consensus/smartbft/verifier.go\n+++ b/orderer/consensus/smartbft/verifier.go\n@@ -237,6 +237,10 @@ func verifyHashChain(block *cb.Block, prevHeaderHash string) error {\n \t\treturn errors.Errorf(\"previous header hash is %s but expected %s\", thisHdrHashOfPrevHdr, prevHeaderHash)\n \t}\n \n+\tif err := protoutil.VerifyTransactionsAreWellFormed(block); err != nil {\n+\t\treturn err\n+\t}\n+\n \tdataHash := hex.EncodeToString(block.Header.DataHash)\n \tactualHashOfData := hex.EncodeToString(protoutil.BlockDataHash(block.Data))\n \tif dataHash != actualHashOfData {\ndiff --git a/protoutil/blockutils.go b/protoutil/blockutils.go\nindex 8527869e4..fca3c386f 100644\n--- a/protoutil/blockutils.go\n+++ b/protoutil/blockutils.go\n@@ -10,6 +10,7 @@ import (\n \t\"bytes\"\n \t\"crypto/sha256\"\n \t\"encoding/asn1\"\n+\t\"encoding/base64\"\n \t\"fmt\"\n \t\"math/big\"\n \n@@ -298,3 +299,35 @@ func searchConsenterIdentityByID(consenters []*cb.Consenter, identifier uint32)\n \t}\n \treturn nil\n }\n+\n+func VerifyTransactionsAreWellFormed(block *cb.Block) error {\n+\tif block == nil || block.Data == nil || len(block.Data.Data) == 0 {\n+\t\treturn nil\n+\t}\n+\n+\tfor i, rawTx := range block.Data.Data {\n+\t\tenv := \u0026cb.Envelope{}\n+\t\tif err := proto.Unmarshal(rawTx, env); err != nil {\n+\t\t\treturn fmt.Errorf(\"transaction %d is invalid: %v\", i, err)\n+\t\t}\n+\n+\t\tif len(env.Payload) == 0 {\n+\t\t\treturn fmt.Errorf(\"transaction %d has no payload\", i)\n+\t\t}\n+\n+\t\tif len(env.Signature) == 0 {\n+\t\t\treturn fmt.Errorf(\"transaction %d has no signature\", i)\n+\t\t}\n+\n+\t\texpected := MarshalOrPanic(env)\n+\t\tif len(expected) \u003c len(rawTx) {\n+\t\t\treturn fmt.Errorf(\"transaction %d has %d trailing bytes\", i, len(rawTx)-len(expected))\n+\t\t}\n+\t\tif !bytes.Equal(expected, rawTx) {\n+\t\t\treturn fmt.Errorf(\"transaction %d (%s) does not match its raw form (%s)\", i,\n+\t\t\t\tbase64.StdEncoding.EncodeToString(expected), base64.StdEncoding.EncodeToString(rawTx))\n+\t\t}\n+\t}\n+\n+\treturn nil\n+}\ndiff --git a/protoutil/blockutils_test.go b/protoutil/blockutils_test.go\nindex b2159da9f..2871483f1 100644\n--- a/protoutil/blockutils_test.go\n+++ b/protoutil/blockutils_test.go\n@@ -489,3 +489,109 @@ func TestBlockSignatureVerifierByCreator(t *testing.T) {\n \trequire.Len(t, signatureSet, 1)\n \trequire.Equal(t, []byte(\"creator1\"), signatureSet[0].Identity)\n }\n+\n+func TestVerifyTransactionsAreWellFormed(t *testing.T) {\n+\toriginalBlock := \u0026cb.Block{\n+\t\tData: \u0026cb.BlockData{\n+\t\t\tData: [][]byte{\n+\t\t\t\tmarshalOrPanic(\u0026cb.Envelope{\n+\t\t\t\t\tPayload:   []byte{1, 2, 3},\n+\t\t\t\t\tSignature: []byte{4, 5, 6},\n+\t\t\t\t}),\n+\t\t\t\tmarshalOrPanic(\u0026cb.Envelope{\n+\t\t\t\t\tPayload:   []byte{7, 8, 9},\n+\t\t\t\t\tSignature: []byte{10, 11, 12},\n+\t\t\t\t}),\n+\t\t\t},\n+\t\t},\n+\t}\n+\n+\tforgedBlock := proto.Clone(originalBlock).(*cb.Block)\n+\ttmp := make([]byte, len(forgedBlock.Data.Data[0])+len(forgedBlock.Data.Data[1]))\n+\tcopy(tmp, forgedBlock.Data.Data[0])\n+\tcopy(tmp[len(forgedBlock.Data.Data[0]):], forgedBlock.Data.Data[1])\n+\tforgedBlock.Data.Data = [][]byte{tmp} // Replace transactions {0,1} with transaction {0 || 1}\n+\n+\tfor _, tst := range []struct {\n+\t\tname          string\n+\t\texpectedError string\n+\t\tblock         *cb.Block\n+\t}{\n+\t\t{\n+\t\t\tname: \"empty block\",\n+\t\t},\n+\t\t{\n+\t\t\tname:  \"no block data\",\n+\t\t\tblock: \u0026cb.Block{},\n+\t\t},\n+\t\t{\n+\t\t\tname:  \"no transactions\",\n+\t\t\tblock: \u0026cb.Block{Data: \u0026cb.BlockData{}},\n+\t\t},\n+\t\t{\n+\t\t\tname: \"single transaction\",\n+\t\t\tblock: \u0026cb.Block{Data: \u0026cb.BlockData{Data: [][]byte{marshalOrPanic(\u0026cb.Envelope{\n+\t\t\t\tPayload:   []byte{1, 2, 3},\n+\t\t\t\tSignature: []byte{4, 5, 6},\n+\t\t\t})}}},\n+\t\t},\n+\t\t{\n+\t\t\tname:  \"good block\",\n+\t\t\tblock: originalBlock,\n+\t\t},\n+\t\t{\n+\t\t\tname:          \"forged block\",\n+\t\t\tblock:         forgedBlock,\n+\t\t\texpectedError: \"transaction 0 has 10 trailing bytes\",\n+\t\t},\n+\t\t{\n+\t\t\tname:          \"no signature\",\n+\t\t\texpectedError: \"transaction 0 has no signature\",\n+\t\t\tblock: \u0026cb.Block{\n+\t\t\t\tData: \u0026cb.BlockData{\n+\t\t\t\t\tData: [][]byte{\n+\t\t\t\t\t\tmarshalOrPanic(\u0026cb.Envelope{\n+\t\t\t\t\t\t\tPayload: []byte{1, 2, 3},\n+\t\t\t\t\t\t}),\n+\t\t\t\t\t},\n+\t\t\t\t},\n+\t\t\t},\n+\t\t},\n+\t\t{\n+\t\t\tname:          \"no payload\",\n+\t\t\texpectedError: \"transaction 0 has no payload\",\n+\t\t\tblock: \u0026cb.Block{\n+\t\t\t\tData: \u0026cb.BlockData{\n+\t\t\t\t\tData: [][]byte{\n+\t\t\t\t\t\tmarshalOrPanic(\u0026cb.Envelope{\n+\t\t\t\t\t\t\tSignature: []byte{4, 5, 6},\n+\t\t\t\t\t\t}),\n+\t\t\t\t\t},\n+\t\t\t\t},\n+\t\t\t},\n+\t\t},\n+\t\t{\n+\t\t\tname:          \"transaction invalid\",\n+\t\t\texpectedError: \"transaction 0 is invalid: proto: cannot parse invalid wire-format data\",\n+\t\t\tblock: \u0026cb.Block{\n+\t\t\t\tData: \u0026cb.BlockData{\n+\t\t\t\t\tData: [][]byte{\n+\t\t\t\t\t\tmarshalOrPanic(\u0026cb.Envelope{\n+\t\t\t\t\t\t\tPayload:   []byte{1, 2, 3},\n+\t\t\t\t\t\t\tSignature: []byte{4, 5, 6},\n+\t\t\t\t\t\t})[9:],\n+\t\t\t\t\t},\n+\t\t\t\t},\n+\t\t\t},\n+\t\t},\n+\t} {\n+\t\tt.Run(tst.name, func(t *testing.T) {\n+\t\t\terr := protoutil.VerifyTransactionsAreWellFormed(tst.block)\n+\t\t\tif tst.expectedError == \"\" {\n+\t\t\t\trequire.NoError(t, err)\n+\t\t\t} else {\n+\t\t\t\trequire.EqualError(t, err, tst.expectedError)\n+\t\t\t}\n+\t\t})\n+\t}\n+}\n\n```\n\nThe idea is as follows:\n\nWhen we validate that the block\u0027s transactions match the hash in the header, we not only hash the transactions are earlier, \n\nbut also ensure that if the transactions in the block are encoded into bytes, they re-create the exact split in the original block: `|$$$$$$$$$$$$|***********|@@@@@@@@@|%%%%%%%%%%%|`\n\nMore specifically, each transaction in the block is parsed and then re-encoded to bytes, and we check that the original encoding of a transaction is as the second encoding after parsing the original bytes of the transaction.\n\nThis fix keeps the legacy way of hashing transactions to create the block data hash, but also aims to check if some manipulation was done.\n\n \nTo understand why the fix works, we need to understand how protobuf, the wire protocol that Fabric uses to encode transactions (and almost anything it sends over the wire or writes to disk) encodes a transaction.\n\nA transaction is a protobuf message with two fields of bytes: (1) Payload and (2) Signature.\n\nWhen encoding a field of bytes, protobuf first writes a tag for the field (a byte) and then writes the length of the field in variable-length encoding, and then the bytes themselves.\n\nFor example, to encode a transaction, protobuf writes 10 (the tag for payload), then two bytes for the length of the payload, then the payload, and then 18, the tag for the signature, and then a single byte for the length of the signature, and finally the signature.\n\nNow, we can understand a proof sketch of why my solution works:\n\nAssume in contradiction that an adversary takes a block of transactions and changes the split of the concatenation in a way that changes the transactions for a peer:\n\nFrom `|$$$$$$$$$$$$|************|@@@@@@@@@@@|...|%%%%%%%|` to (for example): From `|$$$$$$$$$$$$************|@@@@@@@@@@@|...|%%%%%%%|` \n\nSince this split is not identical to the original split, there exists at least one transaction index of different size between the two splits. Let\u0027s look at the first transaction that is of different size.\n\nFor example, for the split:\n\n`|$$$$$$$$$$$$|************|@@@@@@@@@@@|...|%%%%%%%|`  we have two options:\n\n1.  The first transaction of different size is smaller in the new split:  `|$$$$$$$$$$$$|*****|*******|@@@@@@@@@@@|...|%%%%%%%|`  In such a case, it must contain both a payload and a signature, so it needs two fields (we can say we will return an error if one of the two is missing). If the protobuf parser detects it lacks bytes to parse a payload, it will fail with an error. Else, it has enough bytes to parse the payload, and then the signature is parsed. If the signature field is too short then we also error similarly.\n\n2. The first transaction of different size is bigger in the new split: `|$$$$$$$$$$$$|************@@@@|@@@@@@@|...|%%%%%%%|` \nIn that case, once this transaction is parsed, the extra bytes are skipped, so encoding the transaction to bytes yields a shorter byte array, and we detect a tempering.\n\n",
  "id": "GHSA-v9w2-543f-h69m",
  "modified": "2023-11-14T21:37:09Z",
  "published": "2023-11-14T20:28:34Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/hyperledger/fabric/security/advisories/GHSA-v9w2-543f-h69m"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46132"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hyperledger/fabric/pull/4503"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hyperledger/fabric/pull/4504"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hyperledger/fabric/commit/389b2e66de9a6fbc6043216d554c97bbbdf0e008"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hyperledger/fabric/commit/93bef10bd3ce3c54d7f3b064f765dbde61da7def"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/hyperledger/fabric"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hyperledger/fabric/releases/tag/v2.2.14"
    },
    {
      "type": "WEB",
      "url": "https://github.com/hyperledger/fabric/releases/tag/v2.5.5"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Fabric vulnerable to crosslinking transaction attack"
}

FKIE_CVE-2023-46132

Vulnerability from fkie_nvd - Published: 2023-11-14 21:15 - Updated: 2024-11-21 08:27

Severity ?

7.1 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Summary

References

	URL	Tags
	security-advisories@github.com	https://github.com/hyperledger/fabric/security/advisories/GHSA-v9w2-543f-h69m	Exploit, Mitigation, Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://github.com/hyperledger/fabric/security/advisories/GHSA-v9w2-543f-h69m	Exploit, Mitigation, Vendor Advisory

Impacted products

	Vendor	Product	Version
	hyperledger	fabric	*
	hyperledger	fabric	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hyperledger:fabric:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1424E57-3AD8-488F-B35C-EF4A020804DE",
              "versionEndExcluding": "2.2.14",
              "versionStartIncluding": "1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hyperledger:fabric:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5595B581-80B8-4797-9C3C-73D57A0DF6ED",
              "versionEndExcluding": "2.5.5",
              "versionStartIncluding": "2.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Hyperledger Fabric is an open source permissioned distributed ledger framework. Combining two molecules to one another, called \"cross-linking\" results in a molecule with a chemical formula that is composed of all atoms of the original two molecules. In Fabric, one can take a block of transactions and cross-link the transactions in a way that alters the way the peers parse the transactions. If a first peer receives a block B and a second peer receives a block identical to B but with the transactions being cross-linked, the second peer will parse transactions in a different way and thus its world state will deviate from the first peer. Orderers or peers cannot detect that a block has its transactions cross-linked, because there is a vulnerability in the way Fabric hashes the transactions of blocks. It simply and naively concatenates them, which is insecure and lets an adversary craft a \"cross-linked block\" (block with cross-linked transactions) which alters the way peers process transactions. For example, it is possible to select a transaction and manipulate a peer to completely avoid processing it, without changing the computed hash of the block. Additional validations have been added in v2.2.14 and v2.5.5 to detect potential cross-linking issues before processing blocks. Users are advised to upgrade. There are no known workarounds for this vulnerability."
    },
    {
      "lang": "es",
      "value": "Hyperledger Fabric es un framework de contabilidad distribuido con permisos de c\u00f3digo abierto. La combinaci\u00f3n de dos mol\u00e9culas entre s\u00ed, lo que se denomina \"cross-linking\", da como resultado una mol\u00e9cula con una f\u00f3rmula qu\u00edmica que est\u00e1 compuesta por todos los \u00e1tomos de las dos mol\u00e9culas originales. En Fabric, se puede tomar un bloque de transacciones y vincular las transacciones de una manera que altere la forma en que los pares analizan las transacciones. Si un primer par recibe un bloque B y un segundo par recibe un bloque id\u00e9ntico a B pero con las transacciones cross-linked, el segundo par analizar\u00e1 las transacciones de una manera diferente y, por lo tanto, su estado mundial se desviar\u00e1 del primer par. Los ordenantes o pares no pueden detectar que un bloque tiene sus transacciones cross-linked, porque existe una vulnerabilidad en la forma en que Fabric procesa las transacciones de los bloques. Los concatena de manera simple e ingenua, lo cual es inseguro y permite que un adversario cree un \"cross-linked block\" (bloque con transacciones entrecruzadas) que altera la forma en que los pares procesan las transacciones. Por ejemplo, es posible seleccionar una transacci\u00f3n y manipular un par para evitar por completo procesarla, sin cambiar el hash calculado del bloque. Se agregaron validaciones adicionales en v2.2.14 y v2.5.5 para detectar posibles problemas de cross-linking antes de procesar bloques. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."
    }
  ],
  "id": "CVE-2023-46132",
  "lastModified": "2024-11-21T08:27:56.877",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.2,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-11-14T21:15:11.003",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://github.com/hyperledger/fabric/security/advisories/GHSA-v9w2-543f-h69m"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://github.com/hyperledger/fabric/security/advisories/GHSA-v9w2-543f-h69m"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-362"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-46132 (GCVE-0-2023-46132)

GSD-2023-46132

GHSA-V9W2-543F-H69M

Short summary

Impact

Long summary

Patches

FKIE_CVE-2023-46132

Tags

Sightings

Nomenclature