CVE-2024-23820
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Published Jan 26, 2024
Updated: Feb 1, 2024
CWE ID 770
CWE ID 401
Summary
CVE-2024-23820 is a denial-of-service vulnerability affecting OpenFGA, an authorization/permission engine, prior to version 1.4.3. The issue arises when a call to `ListObjects` fails to properly release memory. When this situation occurs frequently, due to specific model and tuple combinations, the OpenFGA server can trigger an "out of memory" error and subsequently terminate. Version 1.4.3 includes a patch to address this vulnerability.
Affected Products
- OpenFGA
Affected Vendors
- OpenFGA