Vulnerability Details CVE-2020-11090
In Indy Node 1.12.2, there is an Uncontrolled Resource Consumption vulnerability. Indy Node has a bug in TAA handling code. The current primary can be crashed with a malformed transaction from a client, which leads to a view change. Repeated rapid view changes have the potential of bringing down the network. This is fixed in version 1.12.3.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.3%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/hyperledger/indy-node/blob/master/CHANGELOG.md#1123
- https://github.com/hyperledger/indy-node/security/advisories/GHSA-3gw4-m5w7-v89c
- https://pypi.org/project/indy-node/1.12.3/
- https://github.com/hyperledger/indy-node/blob/master/CHANGELOG.md#1123
- https://github.com/hyperledger/indy-node/security/advisories/GHSA-3gw4-m5w7-v89c
- https://pypi.org/project/indy-node/1.12.3/
Products affected by CVE-2020-11090
-
cpe:2.3:a:linuxfoundation:indy-node:1.12.2