CVE-2023-5236Modules with Circular Dependencies in Redhat Data Grid

CWE-1047Modules with Circular Dependencies5 documents5 sources
Severity
6.5MEDIUMNVD
CNA4.4
EPSS
0.1%
top 78.18%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Redhat Data Grid
Timeline
PublishedDec 18
Latest updateDec 28

Description

A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

NVDredhat/data_grid< 8.4.4

🔴Vulnerability Details

3
OSV
Infinispan circular object references causes out of memory errors2023-12-28
GHSA
Infinispan circular object references causes out of memory errors2023-12-28
CVEList
Infinispan: circular reference on marshalling leads to dos2023-12-18

📋Vendor Advisories

1
Red Hat
infinispan: circular reference on marshalling leads to DoS2023-09-27
CVE-2023-5236 — Modules with Circular Dependencies | cvebase