Java: Infinispan Unmarshal OOM DoS from Circular Object Ref
CVE-2023-5236 Published on December 18, 2023
Infinispan: circular reference on marshalling leads to dos
A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service.
Vulnerability Analysis
CVE-2023-5236 is exploitable with network access, and requires user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.
Timeline
Reported to Red Hat.
Made public. 188 days later.
Products Associated with CVE-2023-5236
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-5236 are published in these products:
Affected Versions
Red Hat Data Grid 8.4.4: Red Hat build of Apache Camel 4 for Quarkus 3: Red Hat build of Apache Camel 4 for Quarkus 3: Red Hat build of Apache Camel 4 for Quarkus 3: Red Hat build of Apache Camel for Spring Boot 4: Red Hat build of Apache Camel for Spring Boot 4: Red Hat build of Apache Camel for Spring Boot 4: Red Hat build of Debezium 2: Red Hat build of Debezium 2: Red Hat build of Debezium 2: Red Hat build of Debezium 3: Red Hat build of Debezium 3: Red Hat build of Debezium 3: Red Hat build of Quarkus: Red Hat build of Quarkus: Red Hat build of Quarkus: Red Hat Data Grid 8: Red Hat Data Grid 8: Red Hat Data Grid 8: Red Hat Data Grid 8: Red Hat Fuse 7: Red Hat Fuse 7: Red Hat Fuse 7: Red Hat JBoss Enterprise Application Platform 7: Red Hat JBoss Enterprise Application Platform 7: Red Hat JBoss Enterprise Application Platform 7: Red Hat JBoss Enterprise Application Platform 7: Red Hat JBoss Enterprise Application Platform 8: Red Hat JBoss Enterprise Application Platform 8: Red Hat JBoss Enterprise Application Platform 8: Red Hat JBoss Enterprise Application Platform 8: Red Hat JBoss Enterprise Application Platform Expansion Pack: Red Hat JBoss Enterprise Application Platform Expansion Pack: Red Hat JBoss Enterprise Application Platform Expansion Pack: Red Hat JBoss Enterprise Application Platform Expansion Pack: Red Hat Process Automation 7: Red Hat Single Sign-On 7: Red Hat Single Sign-On 7:Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.