CVE-2020-11090 Information

Description

In Indy Node 1.12.2 there is an Uncontrolled Resource Consumption vulnerability. Indy Node has a bug in TAA handling code. The current primary can be crashed with a malformed transaction from a client which leads to a view change. Repeated rapid view changes have the potential of bringing down the network. This is fixed in version 1.12.3.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Reference

https://github.com/hyperledger/indy-node/blob/master/CHANGELOG.md#1123
https://github.com/hyperledger/indy-node/security/advisories/GHSA-3gw4-m5w7-v89c
https://pypi.org/project/indy-node/1.12.3/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

Base Score

7.5

Base Severity

HIGH
