SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical application permissions. Integer overflow in chunking helper causes dispatching to miss elements or panic. Any SpiceDB cluster with any schema where a resource being checked has more than 65535 relationships for the same resource and subject type is affected by this problem. The CheckPermission, BulkCheckPermission, and LookupSubjects API methods are affected. This vulnerability is fixed in 1.29.2.
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:N/I:H/A:HAuthzed Spicedb
APPAuthzed< 1.29.2
Related vulnerabilities
SpiceDB is an open source, Google Zanzibar-inspired, database system for creating and managing security-critic...
SpiceDB is a database system for managing security-critical application permissions. Any user making use of a ...
SpiceDB is an open source database system for creating and managing security-critical application permissions....
SpiceDB is an open source, Google Zanzibar-inspired database for creating and managing security-critical appli...
SpiceDB to open source'owy system bazy danych do tworzenia i zarządzania uprawnieniami krytycznymi dla bezpiec...