ghsa-h3m7-rqc4-7h9p
Vulnerability from github
Published
2024-03-01 23:32
Modified
2024-03-01 23:32
Severity ?
7.3 (High) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:H
Summary
Integer overflow in chunking helper causes dispatching to miss elements or panic
Details

Any SpiceDB cluster with any schema where a resource being checked has more than 65535 relationships for the same resource and subject type is affected by this problem.

The issue may also lead to a panic rendering the server unavailable

The following API methods are affected: - CheckPermission - BulkCheckPermission - LookupSubjects

Impact

Permission checks that are expected to be allowed are instead denied, and lookup subjects will return fewer subjects than expected.

Workarounds

There is no workaround other than making sure that the SpiceDB cluster does not have very wide relations, with the maximum value being the maximum value of an 16-bit unsigned integer

Remediations

  • AuthZed Dedicated customers: No action. AuthZed has upgraded all deployments.
  • AuthZed Serverless customers: No Action. AuthZed has upgraded all deployments.
  • AuthZed Enterprise customers: Upgrade to v1.29.2-hotfix-enterprise.v1.hotfix.v1
  • Open Source users: Upgrade to v1.29.2
Show details on source website

To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "github.com/authzed/spicedb"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.29.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-27101"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-190"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-03-01T23:32:10Z",
    "nvd_published_at": "2024-03-01T21:15:08Z",
    "severity": "HIGH"
  },
  "details": "Any SpiceDB cluster with any schema where a resource being checked has more than 65535 relationships for the same resource and subject type is affected by this problem.\n\nThe issue may also lead to a panic rendering the server unavailable\n\nThe following API methods are affected:\n- [CheckPermission](https://buf.build/authzed/api/docs/main:authzed.api.v1#authzed.api.v1.PermissionsService.CheckPermission)\n- [BulkCheckPermission](https://buf.build/authzed/api/docs/main:authzed.api.v1#authzed.api.v1.ExperimentalService.BulkCheckPermission)\n- [LookupSubjects](https://buf.build/authzed/api/docs/main:authzed.api.v1#authzed.api.v1.PermissionsService.LookupSubjects)\n\n#### Impact\n\nPermission checks that are expected to be allowed are instead denied, and lookup subjects will return fewer subjects than expected.\n\n#### Workarounds\n\nThere is no workaround other than making sure that the SpiceDB cluster does not have very wide relations, with the maximum value being the maximum value of an 16-bit unsigned integer\n\n#### Remediations\n\n- AuthZed Dedicated customers: No action. AuthZed has upgraded all deployments.\n- AuthZed Serverless customers: No Action. AuthZed has upgraded all deployments.\n- AuthZed Enterprise customers: Upgrade to [v1.29.2-hotfix-enterprise.v1.hotfix.v1](https://github.com/authzed-enterprise/src/pkgs/container/spicedb-enterprise/182719614?tag=v1.29.2-hotfix-enterprise.v1.hotfix.v1)\n - Open Source users: Upgrade to v1.29.2",
  "id": "GHSA-h3m7-rqc4-7h9p",
  "modified": "2024-03-01T23:32:10Z",
  "published": "2024-03-01T23:32:10Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/authzed/spicedb/security/advisories/GHSA-h3m7-rqc4-7h9p"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-27101"
    },
    {
      "type": "WEB",
      "url": "https://github.com/authzed/spicedb/commit/ef443c442b96909694390324a99849b0407007fe"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/authzed/spicedb"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Integer overflow in chunking helper causes dispatching to miss elements or panic"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.