{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-27101", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-02-19T14:43:05.994Z", "datePublished": "2024-03-01T21:01:39.049Z", "dateUpdated": "2025-04-16T20:46:45.603Z"}, "containers": {"cna": {"title": "Integer overflow in chunking helper causes dispatching to miss elements or panic", "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "lang": "en", "description": "CWE-190: Integer Overflow or Wraparound", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/authzed/spicedb/security/advisories/GHSA-h3m7-rqc4-7h9p", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/authzed/spicedb/security/advisories/GHSA-h3m7-rqc4-7h9p"}, {"name": "https://github.com/authzed/spicedb/commit/ef443c442b96909694390324a99849b0407007fe", "tags": ["x_refsource_MISC"], "url": "https://github.com/authzed/spicedb/commit/ef443c442b96909694390324a99849b0407007fe"}], "affected": [{"vendor": "authzed", "product": "spicedb", "versions": [{"version": "< 1.29.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-01T21:01:39.049Z"}, "descriptions": [{"lang": "en", "value": "SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 65535 relationships for the same resource and subject type is affected by this problem. The CheckPermission, BulkCheckPermission, and LookupSubjects API methods are affected. This vulnerability is fixed in 1.29.2."}], "source": {"advisory": "GHSA-h3m7-rqc4-7h9p", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-03-06T15:27:55.622555Z", "id": "CVE-2024-27101", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-16T20:46:45.603Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:27:59.368Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/authzed/spicedb/security/advisories/GHSA-h3m7-rqc4-7h9p", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/authzed/spicedb/security/advisories/GHSA-h3m7-rqc4-7h9p"}, {"name": "https://github.com/authzed/spicedb/commit/ef443c442b96909694390324a99849b0407007fe", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/authzed/spicedb/commit/ef443c442b96909694390324a99849b0407007fe"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/authzed/spicedb/security/advisories/GHSA-h3m7-rqc4-7h9p", "name": "https://github.com/authzed/spicedb/security/advisories/GHSA-h3m7-rqc4-7h9p", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/authzed/spicedb/commit/ef443c442b96909694390324a99849b0407007fe", "name": "https://github.com/authzed/spicedb/commit/ef443c442b96909694390324a99849b0407007fe", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T00:27:59.368Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-27101", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-03-06T15:27:55.622555Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-05-23T19:01:11.679Z"}}], "cna": {"title": "Integer overflow in chunking helper causes dispatching to miss elements or panic", "source": {"advisory": "GHSA-h3m7-rqc4-7h9p", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "authzed", "product": "spicedb", "versions": [{"status": "affected", "version": "< 1.29.2"}]}], "references": [{"url": "https://github.com/authzed/spicedb/security/advisories/GHSA-h3m7-rqc4-7h9p", "name": "https://github.com/authzed/spicedb/security/advisories/GHSA-h3m7-rqc4-7h9p", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/authzed/spicedb/commit/ef443c442b96909694390324a99849b0407007fe", "name": "https://github.com/authzed/spicedb/commit/ef443c442b96909694390324a99849b0407007fe", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 65535 relationships for the same resource and subject type is affected by this problem. The CheckPermission, BulkCheckPermission, and LookupSubjects API methods are affected. This vulnerability is fixed in 1.29.2."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-190", "description": "CWE-190: Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-03-01T21:01:39.049Z"}}}, "cveMetadata": {"cveId": "CVE-2024-27101", "state": "PUBLISHED", "dateUpdated": "2025-04-16T20:46:45.603Z", "dateReserved": "2024-02-19T14:43:05.994Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-03-01T21:01:39.049Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:authzed:spicedb:*:*:*:*:*:*:*:*", "matchCriteriaId": "03756389-64E1-4C0D-860A-1CA31338F8E0", "versionEndExcluding": "1.29.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 65535 relationships for the same resource and subject type is affected by this problem. The CheckPermission, BulkCheckPermission, and LookupSubjects API methods are affected. This vulnerability is fixed in 1.29.2."}, {"lang": "es", "value": "SpiceDB es una base de datos de c\u00f3digo abierto inspirada en Google Zanz\u00edbar para crear y administrar permisos de aplicaciones cr\u00edticas para la seguridad. El desbordamiento de enteros en el asistente de fragmentaci\u00f3n hace que el env\u00edo pierda elementos o entre en p\u00e1nico. Este problema afecta a cualquier cl\u00faster de SpiceDB con cualquier esquema en el que un recurso que se est\u00e9 comprobando tenga m\u00e1s de 65535 relaciones para el mismo recurso y tipo de asunto. Los m\u00e9todos API CheckPermission, BulkCheckPermission y LookupSubjects se ven afectados. Esta vulnerabilidad se solucion\u00f3 en 1.29.2."}], "id": "CVE-2024-27101", "lastModified": "2025-09-02T21:42:21.847", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.8, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-03-01T21:15:08.593", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/authzed/spicedb/commit/ef443c442b96909694390324a99849b0407007fe"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/authzed/spicedb/security/advisories/GHSA-h3m7-rqc4-7h9p"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/authzed/spicedb/commit/ef443c442b96909694390324a99849b0407007fe"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/authzed/spicedb/security/advisories/GHSA-h3m7-rqc4-7h9p"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"created": "2025-07-13T11:13:53.740178+00:00", "updated": "2025-07-13T11:13:53.740235+00:00", "vendors": ["authzed", "authzed$PRODUCT$spicedb"]}