Lucene search

RedhatVULNRICHMENT:CVE-2023-5236

HistoryDec 18, 2023 - 1:43 p.m.

CVE-2023-5236 Infinispan: circular reference on marshalling leads to dos

2023-12-1813:43:08

CWE-1047

redhat

github.com

infinispan

circular reference

unmarshalling

denial of service

authenticated attacker

cache

CVSS3

4.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

21.3%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service.

References

access.redhat.com/errata/RHSA-2023:5396

access.redhat.com/security/cve/CVE-2023-5236

bugzilla.redhat.com/show_bug.cgi?id=2240999

CVSS3

4.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

21.3%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2023-5236