Medium severity 5.3 · OSV Advisory · Published Apr 4, 2024 · Updated Apr 15, 2026
CVE-2024-31209
Description
oidcc is the OpenID Connect client library for Erlang. Denial of Service (DoS) by atom exhaustion is possible by calling oidcc_provider_configuration_worker:get_provider_configuration/1 or oidcc_provider_configuration_worker:get_jwks/1. This issue has been patched in versions 3.1.2 and 3.2.0-beta.3.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| oidcc (Hex) | >= 3.0.0, < 3.0.2 | 3.0.2 |
| oidcc (Hex) | >= 3.1.0, < 3.1.2 | 3.1.2 |
| oidcc (Hex) | >= 3.2.0-beta.1, < 3.2.0-beta.3 | 3.2.0-beta.3 |
References
- github.com/advisories/GHSA-mj35-2rgf-cv8p (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-31209 (ghsa, ADVISORY)
- erlef.github.io/security-wg/secure_coding_and_deployment_hardening/atom_exhaustion.html (ghsa, WEB)
- github.com/erlef/oidcc/blob/018dbb53dd752cb1e331637d8e0e6a489ba1fae9/src/oidcc_provider_configuration_worker.erl (nvd, WEB)
- github.com/erlef/oidcc/commit/2f304d877c7e0613d6fd952d7feacbf40dbc355c (nvd, WEB)
- github.com/erlef/oidcc/commit/48171fb62688fb4eec1ead0884aa501e0aa68649 (nvd, WEB)
- github.com/erlef/oidcc/commit/ac458ed88dc292aad6fa7343f6a53e73c560fb1a (nvd, WEB)
- github.com/erlef/oidcc/security/advisories/GHSA-mj35-2rgf-cv8p (nvd, WEB)