SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 65535 relationships for the same resource and subject type is affected by this problem. The CheckPermission, BulkCheckPermission, and LookupSubjects API methods are affected. This vulnerability is fixed in 1.29.2.
References
Configurations
No configuration.
History
21 Nov 2024, 09:03
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/authzed/spicedb/commit/ef443c442b96909694390324a99849b0407007fe - | |
References | () https://github.com/authzed/spicedb/security/advisories/GHSA-h3m7-rqc4-7h9p - | |
Summary |
|
01 Mar 2024, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-03-01 21:15
Updated : 2024-11-21 09:03
NVD link : CVE-2024-27101
Mitre link : CVE-2024-27101
CVE.ORG link : CVE-2024-27101
JSON object : View
Products Affected
No product.
CWE
CWE-190
Integer Overflow or Wraparound