CVE-2024-27101

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-27101
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 65535 relationships for the same resource and subject type is affected by this problem. The CheckPermission, BulkCheckPermission, and LookupSubjects API methods are affected. This vulnerability is fixed in 1.29.2.

7.3 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 5.8

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://github.com/authzed/spicedb/commit/ef443c442b96909694390324a99849b0407007fe
https://github.com/authzed/spicedb/security/advisories/GHSA-h3m7-rqc4-7h9p
https://github.com/authzed/spicedb/commit/ef443c442b96909694390324a99849b0407007fe
https://github.com/authzed/spicedb/security/advisories/GHSA-h3m7-rqc4-7h9p
Configurations

No configuration.

History

21 Nov 2024, 09:03

Type Values Removed Values Added
Summary
  • (es) SpiceDB es una base de datos de código abierto inspirada en Google Zanzíbar para crear y administrar permisos de aplicaciones críticas para la seguridad. El desbordamiento de enteros en el asistente de fragmentación hace que el envío pierda elementos o entre en pánico. Este problema afecta a cualquier clúster de SpiceDB con cualquier esquema en el que un recurso que se esté comprobando tenga más de 65535 relaciones para el mismo recurso y tipo de asunto. Los métodos API CheckPermission, BulkCheckPermission y LookupSubjects se ven afectados. Esta vulnerabilidad se solucionó en 1.29.2.
References () https://github.com/authzed/spicedb/commit/ef443c442b96909694390324a99849b0407007fe - () https://github.com/authzed/spicedb/commit/ef443c442b96909694390324a99849b0407007fe -
References () https://github.com/authzed/spicedb/security/advisories/GHSA-h3m7-rqc4-7h9p - () https://github.com/authzed/spicedb/security/advisories/GHSA-h3m7-rqc4-7h9p -

01 Mar 2024, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-03-01 21:15

Updated : 2024-11-21 09:03

NVD link : CVE-2024-27101

Mitre link : CVE-2024-27101

CVE.ORG link : CVE-2024-27101

JSON object : View

Products Affected

No product.

CWE
CWE-190

Integer Overflow or Wraparound


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024