CVE-2020-11090 HIGH

CVE-2020-11090: Uncontrolled Resource Consumption in Indy Node

Vendor: Hyperledger
Product: Indy Node
Weakness: CWE-400
Published: June 11, 2020
Last update: August 4, 2024

CVSS base score

7.5/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: None
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

Indy Node 1.12.2 contains an Uncontrolled Resource Consumption vulnerability caused by a bug in its TAA (Transaction Author Agreement) handling code. A malformed transaction from a client can crash the current primary, which leads to a view change. Repeated rapid view changes have the potential of bringing down the network. This is fixed in version 1.12.3.

Key dates

02 Disclosure timeline

June 11, 2020: CVE published
August 4, 2024: Record updated