CVE-2024-27101

{"id": "CVE-2024-27101", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}, "impactScore": 5.8, "exploitabilityScore": 1.0}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 5.2, "exploitabilityScore": 3.9}]}, "published": "2024-03-01T21:15:08.593", "references": [{"url": "https://github.com/authzed/spicedb/commit/ef443c442b96909694390324a99849b0407007fe", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/authzed/spicedb/security/advisories/GHSA-h3m7-rqc4-7h9p", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/authzed/spicedb/commit/ef443c442b96909694390324a99849b0407007fe", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/authzed/spicedb/security/advisories/GHSA-h3m7-rqc4-7h9p", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-190"}]}], "descriptions": [{"lang": "en", "value": "SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 65535 relationships for the same resource and subject type is affected by this problem. The CheckPermission, BulkCheckPermission, and LookupSubjects API methods are affected. This vulnerability is fixed in 1.29.2."}, {"lang": "es", "value": "SpiceDB es una base de datos de c\u00f3digo abierto inspirada en Google Zanz\u00edbar para crear y administrar permisos de aplicaciones cr\u00edticas para la seguridad. El desbordamiento de enteros en el asistente de fragmentaci\u00f3n hace que el env\u00edo pierda elementos o entre en p\u00e1nico. Este problema afecta a cualquier cl\u00faster de SpiceDB con cualquier esquema en el que un recurso que se est\u00e9 comprobando tenga m\u00e1s de 65535 relaciones para el mismo recurso y tipo de asunto. Los m\u00e9todos API CheckPermission, BulkCheckPermission y LookupSubjects se ven afectados. Esta vulnerabilidad se solucion\u00f3 en 1.29.2."}], "lastModified": "2025-09-02T21:42:21.847", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:authzed:spicedb:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "03756389-64E1-4C0D-860A-1CA31338F8E0", "versionEndExcluding": "1.29.2"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}