CVE-2023-5236

State: PUBLISHED · Published: 2023-12-18 · Updated: 2025-11-21 · Assigner: redhat

Description

A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service.

CWE

(none)

Affected

Red Hat / Red Hat Data Grid 8.4.4 —
Red Hat / Red Hat build of Apache Camel 4 for Quarkus 3 —
Red Hat / Red Hat build of Apache Camel 4 for Quarkus 3 —
Red Hat / Red Hat build of Apache Camel 4 for Quarkus 3 —
Red Hat / Red Hat build of Apache Camel for Spring Boot 4 —
Red Hat / Red Hat build of Apache Camel for Spring Boot 4 —
Red Hat / Red Hat build of Apache Camel for Spring Boot 4 —
Red Hat / Red Hat build of Debezium 2 —
Red Hat / Red Hat build of Debezium 2 —
Red Hat / Red Hat build of Debezium 2 —
Red Hat / Red Hat build of Debezium 3 —
Red Hat / Red Hat build of Debezium 3 —
Red Hat / Red Hat build of Debezium 3 —
Red Hat / Red Hat build of Quarkus —
Red Hat / Red Hat build of Quarkus —
Red Hat / Red Hat build of Quarkus —
Red Hat / Red Hat Data Grid 8 —
Red Hat / Red Hat Data Grid 8 —
Red Hat / Red Hat Data Grid 8 —
Red Hat / Red Hat Data Grid 8 —
Red Hat / Red Hat Fuse 7 —
Red Hat / Red Hat Fuse 7 —
Red Hat / Red Hat Fuse 7 —
Red Hat / Red Hat JBoss Enterprise Application Platform 7 —
Red Hat / Red Hat JBoss Enterprise Application Platform 7 —
Red Hat / Red Hat JBoss Enterprise Application Platform 7 —
Red Hat / Red Hat JBoss Enterprise Application Platform 7 —
Red Hat / Red Hat JBoss Enterprise Application Platform 8 —
Red Hat / Red Hat JBoss Enterprise Application Platform 8 —
Red Hat / Red Hat JBoss Enterprise Application Platform 8 —
Red Hat / Red Hat JBoss Enterprise Application Platform 8 —
Red Hat / Red Hat JBoss Enterprise Application Platform Expansion Pack —
Red Hat / Red Hat JBoss Enterprise Application Platform Expansion Pack —
Red Hat / Red Hat JBoss Enterprise Application Platform Expansion Pack —
Red Hat / Red Hat JBoss Enterprise Application Platform Expansion Pack —
Red Hat / Red Hat Process Automation 7 —
Red Hat / Red Hat Single Sign-On 7 —
Red Hat / Red Hat Single Sign-On 7 —

CVSS

3.1 score=4.4 severity=MEDIUM CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

References

https://access.redhat.com/errata/RHSA-2023:5396 vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/security/cve/CVE-2023-5236 vdb-entry, x_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2240999 issue-tracking, x_refsource_REDHAT

Source

cvelistV5-main/cves/2023/5xxx/CVE-2023-5236.json