CVE-2024-31209

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-31209
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-31209.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-31209
Aliases
Published
2024-04-04T16:04:43Z
Modified
2025-10-20T20:20:14.421984Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H
Summary
OpenID Connect client Atom Exhaustion in provider configuration worker ets table location
Details

oidcc is the OpenID Connect client library for Erlang. Denial of Service (DoS) by atom exhaustion is possible by calling oidcc_provider_configuration_worker:get_provider_configuration/1 or oidcc_provider_configuration_worker:get_jwks/1. This issue has been patched in versions 3.1.2 and 3.2.0-beta.3.

Database specific
{
    "cwe_ids": [
        "CWE-400"
    ]
}
References

Affected packages

Git / github.com/erlef/oidcc

Affected ranges

Type
GIT
Repo
https://github.com/erlef/oidcc
Events

Affected versions

v3.*

v3.2.0-beta.1
v3.2.0-beta.2