Integer Overflow in Chunking Helper Causes Dispatching Issues
CVE-2024-27101

7.3HIGH

Key Information:

Vendor: Authzed
Status: Spicedb
Vendor: CVE Published:; 1 March 2024

What is CVE-2024-27101?

SpiceDB, a database inspired by Google Zanzibar, is designed for managing security-critical application permissions. This vulnerability is triggered by an integer overflow occurring in the chunking helper, which may cause permission dispatching errors or system panic. The vulnerability impacts any SpiceDB cluster that utilizes a schema where a resource has more than 65,535 relationships for the same resource and subject type. The affected API methods include CheckPermission, BulkCheckPermission, and LookupSubjects. Users are urged to upgrade to version 1.29.2 or later to mitigate this issue.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

spicedb < 1.29.2

References

https://github.com/authzed/spicedb/security/advisories/GH...

x_refsource_CONFIRM

https://github.com/authzed/spicedb/commit/ef443c442b96909...

x_refsource_MISC

CVSS V3.1

Score:

7.3

Severity:

HIGH

Confidentiality:

None

Integrity:

High

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

High

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Mar 1, 2024
Vulnerability Reserved
Feb 19, 2024

JSON

Authzed

What is CVE-2024-27101?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.