CVE-2024-31209 OpenID Connect client Atom Exhaustion in provider configuration worker ets table location

🗓️ 04 Apr 2024 16:04:43Reported by GoogleType

osv🔗 osv.dev👁 10 Views

OpenID Connect client library for Erlang faces DoS risk due to Atom exhaustion in oidcc_provider_configuration_worker:get_provider_configuration/1 and oidcc_provider_configuration_worker:get_jwks/1. Patched in version(s) 3.1.2 and 3.2.0-beta.3

Reporter	Title	Published	Views	Family All 10
CNNVD	oidcc 安全漏洞	4 Apr 202400:00	–	cnnvd
CVE	CVE-2024-31209	4 Apr 202416:04	–	cve
Cvelist	CVE-2024-31209 OpenID Connect client Atom Exhaustion in provider configuration worker ets table location	4 Apr 202416:04	–	cvelist
EUVD	EUVD-2024-1249	3 Oct 202520:07	–	euvd
Github Security Blog	OpenID Connect client Atom Exhaustion in provider configuration worker ets table location	3 Apr 202416:46	–	github
NVD	CVE-2024-31209	4 Apr 202416:15	–	nvd
OSV	GHSA-MJ35-2RGF-CV8P OpenID Connect client Atom Exhaustion in provider configuration worker ets table location	3 Apr 202416:46	–	osv
Positive Technologies	PT-2024-23852 · Oidcc · Oidcc	3 Apr 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-31209	23 May 202510:08	–	redhatcve
Vulnrichment	CVE-2024-31209 OpenID Connect client Atom Exhaustion in provider configuration worker ets table location	4 Apr 202416:04	–	vulnrichment

Source	Link
github	www.github.com/erlef/oidcc/blob/018dbb53dd752cb1e331637d8e0e6a489ba1fae9/src/oidcc_provider_configuration_worker.erl
github	www.github.com/CVEProject/cvelistV5/tree/main/cves/2024/31xxx/CVE-2024-31209.json
github	www.github.com/erlef/oidcc/security/advisories/GHSA-mj35-2rgf-cv8p
nvd	www.nvd.nist.gov/vuln/detail/CVE-2024-31209
github	www.github.com/erlef/oidcc/commit/2f304d877c7e0613d6fd952d7feacbf40dbc355c
github	www.github.com/erlef/oidcc/commit/48171fb62688fb4eec1ead0884aa501e0aa68649
github	www.github.com/erlef/oidcc/commit/ac458ed88dc292aad6fa7343f6a53e73c560fb1a

10 Apr 2026 05:12Current

6.8Medium risk

Vulners AI Score6.8

CVSS 3.15.3

EPSS0.00021