{ "threat_severity" : "Low", "public_date" : "2023-09-27T00:00:00Z", "bugzilla" : { "description" : "infinispan: circular reference on marshalling leads to DoS", "id" : "2240999", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2240999" }, "cvss3" : { "cvss3_base_score" : "4.4", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "details" : [ "A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service.", "A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service." ], "affected_release" : [ { "product_name" : "Red Hat Data Grid 8.4.4", "release_date" : "2023-09-28T00:00:00Z", "advisory" : "RHSA-2023:5396", "cpe" : "cpe:/a:redhat:jboss_data_grid:8", "package" : "infinispan-server" } ], "package_state" : [ { "product_name" : "Red Hat build of Apache Camel 4 for Quarkus 3", "fix_state" : "Fix deferred", "package_name" : "protostream", "cpe" : "cpe:/a:redhat:camel_quarkus:3" }, { "product_name" : "Red Hat build of Apache Camel 4 for Quarkus 3", "fix_state" : "Fix deferred", "package_name" : "protostream-processor", "cpe" : "cpe:/a:redhat:camel_quarkus:3" }, { "product_name" : "Red Hat build of Apache Camel 4 for Quarkus 3", "fix_state" : "Fix deferred", "package_name" : "protostream-types", "cpe" : "cpe:/a:redhat:camel_quarkus:3" }, { "product_name" : "Red Hat build of Apache Camel for Spring Boot 4", "fix_state" : "Fix deferred", "package_name" : "protostream", "cpe" : "cpe:/a:redhat:camel_spring_boot:4" }, { "product_name" : "Red Hat build of Apache Camel for Spring Boot 4", "fix_state" : "Fix deferred", "package_name" : "protostream-processor", "cpe" : "cpe:/a:redhat:camel_spring_boot:4" }, { "product_name" : "Red Hat build of Apache Camel for Spring Boot 4", "fix_state" : "Fix deferred", "package_name" : "protostream-types", "cpe" : "cpe:/a:redhat:camel_spring_boot:4" }, { "product_name" : "Red Hat build of Debezium 2", "fix_state" : "Fix deferred", "package_name" : "protostream", "cpe" : "cpe:/a:redhat:debezium:2" }, { "product_name" : "Red Hat build of Debezium 2", "fix_state" : "Fix deferred", "package_name" : "protostream-processor", "cpe" : "cpe:/a:redhat:debezium:2" }, { "product_name" : "Red Hat build of Debezium 2", "fix_state" : "Fix deferred", "package_name" : "protostream-types", "cpe" : "cpe:/a:redhat:debezium:2" }, { "product_name" : "Red Hat build of Debezium 3", "fix_state" : "Fix deferred", "package_name" : "protostream", "cpe" : "cpe:/a:redhat:debezium:3" }, { "product_name" : "Red Hat build of Debezium 3", "fix_state" : "Fix deferred", "package_name" : "protostream-processor", "cpe" : "cpe:/a:redhat:debezium:3" }, { "product_name" : "Red Hat build of Debezium 3", "fix_state" : "Fix deferred", "package_name" : "protostream-types", "cpe" : "cpe:/a:redhat:debezium:3" }, { "product_name" : "Red Hat build of Quarkus", "fix_state" : "Fix deferred", "package_name" : "protostream", "cpe" : "cpe:/a:redhat:quarkus:3" }, { "product_name" : "Red Hat build of Quarkus", "fix_state" : "Fix deferred", "package_name" : "protostream-processor", "cpe" : "cpe:/a:redhat:quarkus:3" }, { "product_name" : "Red Hat build of Quarkus", "fix_state" : "Fix deferred", "package_name" : "protostream-types", "cpe" : "cpe:/a:redhat:quarkus:3" }, { "product_name" : "Red Hat Data Grid 8", "fix_state" : "Fix deferred", "package_name" : "protostream", "cpe" : "cpe:/a:redhat:jboss_data_grid:8" }, { "product_name" : "Red Hat Data Grid 8", "fix_state" : "Fix deferred", "package_name" : "protostream-integrationtests", "cpe" : "cpe:/a:redhat:jboss_data_grid:8" }, { "product_name" : "Red Hat Data Grid 8", "fix_state" : "Fix deferred", "package_name" : "protostream-processor", "cpe" : "cpe:/a:redhat:jboss_data_grid:8" }, { "product_name" : "Red Hat Data Grid 8", "fix_state" : "Fix deferred", "package_name" : "protostream-types", "cpe" : "cpe:/a:redhat:jboss_data_grid:8" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Fix deferred", "package_name" : "protostream", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Fix deferred", "package_name" : "protostream-processor", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat Fuse 7", "fix_state" : "Fix deferred", "package_name" : "protostream-types", "cpe" : "cpe:/a:redhat:jboss_fuse:7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7", "fix_state" : "Fix deferred", "package_name" : "protostream", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7", "fix_state" : "Fix deferred", "package_name" : "protostream-integrationtests", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7", "fix_state" : "Fix deferred", "package_name" : "protostream-processor", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 7", "fix_state" : "Fix deferred", "package_name" : "protostream-types", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8", "fix_state" : "Fix deferred", "package_name" : "protostream", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8", "fix_state" : "Fix deferred", "package_name" : "protostream-integrationtests", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8", "fix_state" : "Fix deferred", "package_name" : "protostream-processor", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform 8", "fix_state" : "Fix deferred", "package_name" : "protostream-types", "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:8" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform Expansion Pack", "fix_state" : "Fix deferred", "package_name" : "protostream", "cpe" : "cpe:/a:redhat:jbosseapxp" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform Expansion Pack", "fix_state" : "Fix deferred", "package_name" : "protostream-integrationtests", "cpe" : "cpe:/a:redhat:jbosseapxp" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform Expansion Pack", "fix_state" : "Fix deferred", "package_name" : "protostream-processor", "cpe" : "cpe:/a:redhat:jbosseapxp" }, { "product_name" : "Red Hat JBoss Enterprise Application Platform Expansion Pack", "fix_state" : "Fix deferred", "package_name" : "protostream-types", "cpe" : "cpe:/a:redhat:jbosseapxp" }, { "product_name" : "Red Hat Process Automation 7", "fix_state" : "Fix deferred", "package_name" : "protostream", "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7" }, { "product_name" : "Red Hat Single Sign-On 7", "fix_state" : "Fix deferred", "package_name" : "protostream", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7" }, { "product_name" : "Red Hat Single Sign-On 7", "fix_state" : "Fix deferred", "package_name" : "protostream-processor", "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-5236\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5236" ], "name" : "CVE-2023-5236", "csaw" : false }