CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-23820

OpenFGA, an authorization/permission engine, is vulnerable to a denial of service attack in versions prior to 1.4.3. In some scenarios that depend on the model and tuples used, a call to `ListObjects` may not release memory properly. So when a sufficiently high number of those calls are executed, the OpenFGA server can create an `out of memory` error and terminate. Version 1.4.3 contains a patch for this issue.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 21.7%

CVSS Severity

CVSS v3 Score 5.3

References

Products affected by CVE-2024-23820

Openfga » Openfga » Version: 0.0.1

cpe:2.3:a:openfga:openfga:0.0.1
Openfga » Openfga » Version: 0.0.2

cpe:2.3:a:openfga:openfga:0.0.2
Openfga » Openfga » Version: 0.1.0

cpe:2.3:a:openfga:openfga:0.1.0
Openfga » Openfga » Version: 0.1.1

cpe:2.3:a:openfga:openfga:0.1.1
Openfga » Openfga » Version: 0.1.2

cpe:2.3:a:openfga:openfga:0.1.2
Openfga » Openfga » Version: 0.1.4

cpe:2.3:a:openfga:openfga:0.1.4
Openfga » Openfga » Version: 0.1.5

cpe:2.3:a:openfga:openfga:0.1.5
Openfga » Openfga » Version: 0.1.6

cpe:2.3:a:openfga:openfga:0.1.6
Openfga » Openfga » Version: 0.1.7

cpe:2.3:a:openfga:openfga:0.1.7
Openfga » Openfga » Version: 0.2.0

cpe:2.3:a:openfga:openfga:0.2.0
Openfga » Openfga » Version: 0.2.1

cpe:2.3:a:openfga:openfga:0.2.1
Openfga » Openfga » Version: 0.2.2

cpe:2.3:a:openfga:openfga:0.2.2
Openfga » Openfga » Version: 0.2.3

cpe:2.3:a:openfga:openfga:0.2.3
Openfga » Openfga » Version: 0.2.4

cpe:2.3:a:openfga:openfga:0.2.4
Openfga » Openfga » Version: 0.2.5

cpe:2.3:a:openfga:openfga:0.2.5
Openfga » Openfga » Version: 0.3.0

cpe:2.3:a:openfga:openfga:0.3.0
Openfga » Openfga » Version: 0.3.1

cpe:2.3:a:openfga:openfga:0.3.1
Openfga » Openfga » Version: 0.3.2

cpe:2.3:a:openfga:openfga:0.3.2
Openfga » Openfga » Version: 0.3.3

cpe:2.3:a:openfga:openfga:0.3.3
Openfga » Openfga » Version: 0.3.4

cpe:2.3:a:openfga:openfga:0.3.4
Openfga » Openfga » Version: 0.3.5

cpe:2.3:a:openfga:openfga:0.3.5
Openfga » Openfga » Version: 0.3.6

cpe:2.3:a:openfga:openfga:0.3.6
Openfga » Openfga » Version: 0.3.7

cpe:2.3:a:openfga:openfga:0.3.7
Openfga » Openfga » Version: 0.4.0

cpe:2.3:a:openfga:openfga:0.4.0
Openfga » Openfga » Version: 0.4.1

cpe:2.3:a:openfga:openfga:0.4.1
Openfga » Openfga » Version: 0.4.2

cpe:2.3:a:openfga:openfga:0.4.2
Openfga » Openfga » Version: 0.4.3

cpe:2.3:a:openfga:openfga:0.4.3
Openfga » Openfga » Version: 1.0.0

cpe:2.3:a:openfga:openfga:1.0.0
Openfga » Openfga » Version: 1.0.1

cpe:2.3:a:openfga:openfga:1.0.1
Openfga » Openfga » Version: 1.1.0

cpe:2.3:a:openfga:openfga:1.1.0
Openfga » Openfga » Version: 1.1.1

cpe:2.3:a:openfga:openfga:1.1.1
Openfga » Openfga » Version: 1.2.0

cpe:2.3:a:openfga:openfga:1.2.0
Openfga » Openfga » Version: 1.3.0

cpe:2.3:a:openfga:openfga:1.3.0
Openfga » Openfga » Version: 1.3.1

cpe:2.3:a:openfga:openfga:1.3.1
Openfga » Openfga » Version: 1.3.10

cpe:2.3:a:openfga:openfga:1.3.10
Openfga » Openfga » Version: 1.3.2

cpe:2.3:a:openfga:openfga:1.3.2
Openfga » Openfga » Version: 1.3.3

cpe:2.3:a:openfga:openfga:1.3.3
Openfga » Openfga » Version: 1.3.4

cpe:2.3:a:openfga:openfga:1.3.4
Openfga » Openfga » Version: 1.3.5

cpe:2.3:a:openfga:openfga:1.3.5
Openfga » Openfga » Version: 1.3.6

cpe:2.3:a:openfga:openfga:1.3.6
Openfga » Openfga » Version: 1.3.7

cpe:2.3:a:openfga:openfga:1.3.7
Openfga » Openfga » Version: 1.3.8

cpe:2.3:a:openfga:openfga:1.3.8
Openfga » Openfga » Version: 1.3.9

cpe:2.3:a:openfga:openfga:1.3.9
Openfga » Openfga » Version: 1.4.0

cpe:2.3:a:openfga:openfga:1.4.0
Openfga » Openfga » Version: 1.4.1

cpe:2.3:a:openfga:openfga:1.4.1
Openfga » Openfga » Version: 1.4.2

cpe:2.3:a:openfga:openfga:1.4.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-23820

Products

Pricing

Contact Us