How severe is CVE-2024-27101?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.3 out of 10.

What type of vulnerability is CVE-2024-27101?

This is classified as CWE-190, which is a common weakness in software security.

CVE-2024-27101 - HIGH Severity | CVSS 7.3

Vulnerability Description

SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 65535 relationships for the same resource and subject type is affected by this problem. The CheckPermission, BulkCheckPermission, and LookupSubjects API methods are affected. This vulnerability is fixed in 1.29.2.

Related Vulnerabilities

CVE-2014-4608

HIGH

CVSS:7.3(High)

Multiple integer overflows in the lzo1x_decompress_safe function in lib/lzo/lzo1x_decompress_safe.c in the LZO decompressor in the Linux kernel before 3.15.2 allow context-dependent attackers to cause...

CWE-1902014

CVE-2015-8387

HIGH

CVSS:7.3(High)

PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impac...

CWE-1902015

CVE-2017-15836

HIGH

CVSS:7.3(High)

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, if the firmware sends a service ready...

CWE-1902017

CVE-2018-5144

HIGH

CVSS:7.3(High)

An integer overflow can occur during conversion of text to some Unicode character sets due to an unchecked length parameter. This vulnerability affects Firefox ESR < 52.7 and Thunderbird < 52.7.

CWE-1902018

CVE-2018-5820

HIGH

CVSS:7.3(High)

In Qualcomm Android for MSM, Firefox OS for MSM, and QRD Android with all Android releases from CAF using the Linux kernel before security patch level 2018-04-05, in the function wma_tbttoffset_update...

CWE-1902018

CVE-2020-11904

HIGH

CVSS:7.3(High)

The Treck TCP/IP stack before 6.0.1.66 has an Integer Overflow during Memory Allocation that causes an Out-of-Bounds Write.

CWE-1902020