9.1
CVE-2024-27101
- EPSS 0.46%
- Veröffentlicht 01.03.2024 21:15:08
- Zuletzt bearbeitet 02.09.2025 21:42:21
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginInteger overflow in chunking helper causes dispatching to miss elements or panic
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 65535 relationships for the same resource and subject type is affected by this problem. The CheckPermission, BulkCheckPermission, and LookupSubjects API methods are affected. This vulnerability is fixed in 1.29.2.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.46% | 0.361 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.1 | 3.9 | 5.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
|
| security-advisories@github.com | 7.3 | 1 | 5.8 |
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:H
|
CWE-190 Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
https://github.com/authzed/spicedb/commit/ef443c442b96909694390324a99849b0407007fe
https://github.com/authzed/spicedb/security/advisories/GHSA-h3m7-rqc4-7h9p