pysec-2020-47
Vulnerability from pysec
Published
2020-06-11 00:15
Modified
2020-06-22 16:36
Details
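In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vulnerability caused by a bug in the TAA (Transaction Author Agreement) handling code. A malformed transaction from a client can crash the current primary, which leads to a view change. Repeated rapid view changes have the potential of bringing down the network. This is fixed in version 1.12.3. Note that the affected range in the record below starts at version 0, so every release before 1.12.3 (including 1.12.3rc1) is listed as affected, not only 1.12.2. On unpatched nodes, the observable symptoms are unexpected crashes of the primary and bursts of view changes.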
Impacted products
| Name | purl |
|---|---|
| indy-node | pkg:pypi/indy-node |
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "indy-node",
"purl": "pkg:pypi/indy-node"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.12.3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.0.1.dev38",
"0.0.1.dev40",
"0.0.2",
"0.0.3",
"0.0.4",
"0.0.12",
"0.0.20",
"0.0.21",
"0.0.22",
"0.0.23",
"0.0.24",
"0.0.25",
"0.0.28",
"0.0.30",
"0.0.31",
"0.0.32",
"0.4.27",
"1.0.28",
"1.0.29",
"1.1.1",
"1.1.30",
"1.1.31",
"1.1.32",
"1.1.33",
"1.1.34",
"1.1.35",
"1.1.36",
"1.1.37",
"1.1.38",
"1.1.39",
"1.1.40",
"1.1.41",
"1.1.42",
"1.1.43",
"1.2.44",
"1.2.45",
"1.2.46",
"1.2.47",
"1.2.48",
"1.2.49",
"1.2.50",
"1.3.51",
"1.3.52",
"1.3.53",
"1.3.54",
"1.3.55",
"1.3.56",
"1.3.57",
"1.3.58",
"1.3.59",
"1.3.60",
"1.3.61",
"1.3.62",
"1.4.63",
"1.4.64",
"1.4.65",
"1.4.66",
"1.5.67",
"1.5.68",
"1.6.69",
"1.6.70",
"1.6.71",
"1.6.72",
"1.6.73",
"1.6.74",
"1.6.75",
"1.6.76",
"1.6.77",
"1.6.78",
"1.6.79",
"1.6.80",
"1.6.81",
"1.6.82",
"1.6.83",
"1.7.0.dev878",
"1.7.0.dev879",
"1.7.0.dev880",
"1.7.0.dev881",
"1.7.0.dev882",
"1.7.0.dev883",
"1.7.0.dev884",
"1.7.0.dev885",
"1.7.0.dev886",
"1.7.0.dev887",
"1.7.0.dev888",
"1.7.0.dev889",
"1.7.0.dev890",
"1.7.0.dev891",
"1.7.0.dev892",
"1.7.0.dev893",
"1.7.0.dev894",
"1.7.0.dev895",
"1.7.0.dev896",
"1.7.0.dev897",
"1.7.0.dev898",
"1.7.0.dev899",
"1.7.0.dev900",
"1.7.0.dev901",
"1.7.0.dev902",
"1.7.0.dev903",
"1.7.0.dev904",
"1.7.0.dev905",
"1.7.0.dev906",
"1.7.0.dev907",
"1.7.0.dev908",
"1.7.0.dev909",
"1.7.0.dev910",
"1.7.0.dev911",
"1.7.0.dev912",
"1.7.0.dev913",
"1.7.0.dev914",
"1.7.0",
"1.7.1",
"1.8.0.dev915",
"1.8.0.dev916",
"1.8.0.dev917",
"1.8.0.dev918",
"1.8.0.dev919",
"1.8.0.dev920",
"1.8.0.dev921",
"1.8.0.dev922",
"1.8.0.dev923",
"1.8.0.dev924",
"1.8.0.dev925",
"1.8.0.dev926",
"1.8.0.dev927",
"1.8.0.dev928",
"1.8.0.dev929",
"1.8.0.dev930",
"1.8.0.dev931",
"1.8.0.dev932",
"1.8.0.dev933",
"1.8.0.dev934",
"1.8.0.dev935",
"1.8.0.dev936",
"1.8.0.dev937",
"1.8.0.dev938",
"1.8.0.dev939",
"1.8.0.dev940",
"1.8.0.dev941",
"1.8.0.dev942",
"1.8.0.dev943",
"1.8.0.dev944",
"1.8.0.dev945",
"1.8.0.dev946",
"1.8.0.dev947",
"1.8.0.dev948",
"1.8.0.dev951",
"1.8.0.dev952",
"1.8.0.dev953",
"1.8.0.dev954",
"1.8.0.dev955",
"1.8.0.dev956",
"1.8.0.dev957",
"1.8.0.dev958",
"1.8.0.dev959",
"1.8.0.dev960",
"1.8.0.dev961",
"1.8.0.dev963",
"1.8.0.dev964",
"1.8.0.dev965",
"1.8.0.dev966",
"1.8.0.dev967",
"1.8.0.dev968",
"1.8.0.dev969",
"1.8.0.dev970",
"1.8.0.dev971",
"1.8.0.dev972",
"1.8.0.dev975",
"1.8.0.dev977",
"1.8.0.dev978",
"1.8.0.dev979",
"1.8.0.dev980",
"1.8.0.dev981",
"1.8.0.dev982",
"1.8.0.dev983",
"1.8.0.dev984",
"1.8.0rc1",
"1.8.0rc2",
"1.8.0",
"1.8.1rc1",
"1.8.1",
"1.9.0.dev985",
"1.9.0.dev986",
"1.9.0.dev987",
"1.9.0.dev988",
"1.9.0.dev989",
"1.9.0.dev990",
"1.9.0.dev991",
"1.9.0.dev992",
"1.9.0.dev993",
"1.9.0.dev994",
"1.9.0.dev995",
"1.9.0.dev996",
"1.9.0.dev997",
"1.9.0.dev998",
"1.9.0.dev999",
"1.9.0.dev1000",
"1.9.0.dev1001",
"1.9.0.dev1002",
"1.9.0.dev1003",
"1.9.0.dev1004",
"1.9.0.dev1005",
"1.9.0.dev1006",
"1.9.0.dev1007",
"1.9.0.dev1008",
"1.9.0.dev1009",
"1.9.0.dev1010",
"1.9.0.dev1011",
"1.9.0.dev1012",
"1.9.0.dev1013",
"1.9.0.dev1014",
"1.9.0.dev1016",
"1.9.0.dev1017",
"1.9.0.dev1018",
"1.9.0.dev1019",
"1.9.0.dev1020",
"1.9.0.dev1021",
"1.9.0.dev1022",
"1.9.0.dev1023",
"1.9.0.dev1024",
"1.9.0.dev1025",
"1.9.0.dev1026",
"1.9.0.dev1027",
"1.9.0.dev1028",
"1.9.0.dev1029",
"1.9.0.dev1030",
"1.9.0.dev1031",
"1.9.0.dev1032",
"1.9.0.dev1033",
"1.9.0.dev1034",
"1.9.0.dev1035",
"1.9.0.dev1036",
"1.9.0.dev1037",
"1.9.0.dev1038",
"1.9.0.dev1039",
"1.9.0rc1",
"1.9.0rc2",
"1.9.0rc3",
"1.9.0rc4",
"1.9.0",
"1.9.1.dev1040",
"1.9.1.dev1041",
"1.9.1.dev1042",
"1.9.1.dev1043",
"1.9.1.dev1044",
"1.9.1.dev1045",
"1.9.1.dev1046",
"1.9.1.dev1047",
"1.9.1.dev1048",
"1.9.1.dev1049",
"1.9.1rc1",
"1.9.1",
"1.9.2.dev1050",
"1.9.2.dev1051",
"1.9.2.dev1052",
"1.9.2.dev1053",
"1.9.2.dev1054",
"1.9.2.dev1055",
"1.9.2.dev1056",
"1.9.2.dev1057",
"1.9.2.dev1058",
"1.9.2.dev1059",
"1.9.2.dev1060",
"1.9.2.dev1061",
"1.9.2.dev1062",
"1.9.2.dev1063",
"1.9.2.dev1064",
"1.9.2.dev1065",
"1.9.2.dev1066",
"1.9.2.dev1067",
"1.9.2.dev1068",
"1.9.2.dev1069",
"1.9.2rc1",
"1.9.2",
"1.10.0.dev1070",
"1.10.0.dev1071",
"1.10.0.dev1072",
"1.10.0.dev1073",
"1.10.0.dev1074",
"1.10.0.dev1075",
"1.10.0.dev1076",
"1.10.0.dev1077",
"1.10.0.dev1078",
"1.10.0.dev1079",
"1.10.0.dev1080",
"1.10.0.dev1081",
"1.10.0.dev1082",
"1.10.0.dev1083",
"1.10.0.dev1084",
"1.10.0.dev1085",
"1.10.0.dev1086",
"1.10.0.dev1087",
"1.10.0.dev1088",
"1.10.0.dev1089",
"1.10.0.dev1090",
"1.10.0.dev1091",
"1.10.0.dev1092",
"1.10.0.dev1093",
"1.10.0.dev1094",
"1.10.0.dev1095",
"1.10.0.dev1096",
"1.10.0.dev1097",
"1.10.0.dev1098",
"1.10.0rc1",
"1.10.0",
"1.11.0.dev1099",
"1.11.0.dev1100",
"1.11.0.dev1101",
"1.11.0.dev1102",
"1.11.0.dev1103",
"1.11.0.dev1104",
"1.11.0.dev1105",
"1.11.0.dev1106",
"1.11.0.dev1107",
"1.11.0.dev1108",
"1.11.0.dev1109",
"1.11.0.dev1110",
"1.11.0.dev1111",
"1.11.0.dev1112",
"1.11.0.dev1113",
"1.11.0.dev1114",
"1.11.0.dev1115",
"1.11.0.dev1116",
"1.11.0.dev1117",
"1.11.0.dev1118",
"1.11.0.dev1119",
"1.11.0.dev1120",
"1.11.0.dev1121",
"1.11.0.dev1122",
"1.11.0.dev1123",
"1.11.0rc1",
"1.11.0",
"1.12.0.dev1124",
"1.12.0.dev1125",
"1.12.0.dev1126",
"1.12.0.dev1127",
"1.12.0.dev1128",
"1.12.0.dev1129",
"1.12.0.dev1130",
"1.12.0.dev1131",
"1.12.0.dev1132",
"1.12.0.dev1133",
"1.12.0.dev1134",
"1.12.0.dev1135",
"1.12.0.dev1136",
"1.12.0.dev1137",
"1.12.0.dev1138",
"1.12.0.dev1139",
"1.12.0.dev1140",
"1.12.0.dev1141",
"1.12.0.dev1142",
"1.12.0.dev1143",
"1.12.0.dev1144",
"1.12.0.dev1145",
"1.12.0rc1",
"1.12.0",
"1.12.1.dev1146",
"1.12.1.dev1147",
"1.12.1.dev1148",
"1.12.1.dev1149",
"1.12.1.dev1150",
"1.12.1.dev1151",
"1.12.1.dev1152",
"1.12.1.dev1153",
"1.12.1.dev1154",
"1.12.1.dev1155",
"1.12.1.dev1156",
"1.12.1.dev1157",
"1.12.1.dev1158",
"1.12.1.dev1159",
"1.12.1.dev1160",
"1.12.1.dev1161",
"1.12.1.dev1162",
"1.12.1.dev1163",
"1.12.1.dev1164",
"1.12.1.dev1165",
"1.12.1.dev1166",
"1.12.1.dev1167",
"1.12.1.dev1168",
"1.12.1.dev1169",
"1.12.1.dev1170",
"1.12.1.dev1171",
"1.12.1.dev1172",
"1.12.1.dev1173",
"1.12.1.dev1174",
"1.12.1.dev1175",
"1.12.1.dev1176",
"1.12.1.dev1177",
"1.12.1.dev1178",
"1.12.1.dev1179",
"1.12.1rc1",
"1.12.1",
"1.12.2.dev1180",
"1.12.2.dev1181",
"1.12.2.dev1182",
"1.12.2.dev1183",
"1.12.2.dev1184",
"1.12.2.dev1185",
"1.12.2.dev1186",
"1.12.2.dev1187",
"1.12.2.dev1188",
"1.12.2.dev1189",
"1.12.2.dev1190",
"1.12.2.dev1191",
"1.12.2.dev1192",
"1.12.2.dev1193",
"1.12.2.dev1194",
"1.12.2.dev1195",
"1.12.2rc1",
"1.12.2",
"1.12.3rc1"
]
}
],
"aliases": [
"CVE-2020-11090",
"GHSA-3gw4-m5w7-v89c"
],
"details": "In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vulnerability. Indy Node has a bug in TAA handling code. The current primary can be crashed with a malformed transaction from a client, which leads to a view change. Repeated rapid view changes have the potential of bringing down the network. This is fixed in version 1.12.3.",
"id": "PYSEC-2020-47",
"modified": "2020-06-22T16:36:00Z",
"published": "2020-06-11T00:15:00Z",
"references": [
{
"type": "PACKAGE",
"url": "https://pypi.org/project/indy-node/1.12.3/"
},
{
"type": "ADVISORY",
"url": "https://github.com/hyperledger/indy-node/security/advisories/GHSA-3gw4-m5w7-v89c"
},
{
"type": "WEB",
"url": "https://github.com/hyperledger/indy-node/blob/master/CHANGELOG.md#1123"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.