GitHub Advisory DatabaseGHSA-488M-W9FP-5MM2Infinispan circular object references causes out of memory errors
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
21.3%
A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| org.infinispan.protostream | protostream | * | cpe:2.3:a:org.infinispan.protostream:protostream:*:*:*:*:*:*:*:* |
References
access.redhat.com/errata/RHSA-2023:5396
access.redhat.com/security/cve/CVE-2023-5236
bugzilla.redhat.com/show_bug.cgi?id=2240999
github.com/advisories/GHSA-488m-w9fp-5mm2
github.com/infinispan/protostream/commit/4501b6b307a6bab545346f66238f8be7e42f83eb
github.com/infinispan/protostream/commit/4ef66958f2c4890ae1c6a7acd629d27bd88aa4cb
github.com/infinispan/protostream/commit/50320b5987dc87bc04b616b87e8cf93472ee19c1
issues.redhat.com/browse/IPROTO-262
issues.redhat.com/browse/IPROTO-263
issues.redhat.com/browse/ISPN-14534
nvd.nist.gov/vuln/detail/CVE-2023-5236
security.netapp.com/advisory/ntap-20240125-0004
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
Confidence
High
EPSS
Percentile
21.3%