GHSA-488m-w9fp-5mm2
Suggest an improvement- Source
- https://github.com/advisories/GHSA-488m-w9fp-5mm2
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/12/GHSA-488m-w9fp-5mm2/GHSA-488m-w9fp-5mm2.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-488m-w9fp-5mm2
- Aliases
-
- CVE-2023-5236
- Published
- 2023-12-28T21:30:37Z
- Modified
- 2024-11-26T05:38:53.201767Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- 7.1 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N CVSS Calculator
- Summary
- Infinispan circular object references causes out of memory errors
- Details
-
A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service.
- Database specific
{ "nvd_published_at": "2023-12-18T14:15:10Z", "cwe_ids": [ "CWE-1047" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-09-16T21:37:34Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2023-5236
- https://github.com/infinispan/protostream/commit/4501b6b307a6bab545346f66238f8be7e42f83eb
- https://github.com/infinispan/protostream/commit/4ef66958f2c4890ae1c6a7acd629d27bd88aa4cb
- https://github.com/infinispan/protostream/commit/50320b5987dc87bc04b616b87e8cf93472ee19c1
- https://access.redhat.com/errata/RHSA-2023:5396
- https://access.redhat.com/security/cve/CVE-2023-5236
- https://bugzilla.redhat.com/show_bug.cgi?id=2240999
- https://github.com/infinispan/infinispan
- https://issues.redhat.com/browse/IPROTO-262
- https://issues.redhat.com/browse/IPROTO-263
- https://issues.redhat.com/browse/ISPN-14534
- https://security.netapp.com/advisory/ntap-20240125-0004
Affected packages
Maven / org.infinispan.protostream:protostream
Package
- Name
- org.infinispan.protostream:protostream
- View open source insights on deps.dev
- Purl
- pkg:maven/org.infinispan.protostream/protostream
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed4.6.2.Final
Affected versions
1.*
1.0.0.Alpha1
1.0.0.Alpha2
1.0.0.Alpha3
1.0.0.Alpha4
1.0.0.Alpha5
1.0.0.Alpha6
1.0.0.Alpha7
1.0.0.CR1
1.0.0.Final
1.0.1.Final
1.0.2.Final
2.*
2.0.0.Alpha1
2.0.0.Alpha2
2.0.0.Alpha3
2.0.0.Alpha4
2.0.0.Final
2.0.1.Final
2.0.2.Final
2.0.3.Final
3.*
3.0.0.Alpha1
3.0.0.Alpha2
3.0.0.Alpha3
3.0.0.Alpha4
3.0.0.Alpha5
3.0.0.Alpha6
3.0.0.Alpha7
3.0.0.Alpha8
3.0.0.Alpha9
3.0.0.Final
3.0.1.Alpha1
3.0.1.Final
3.0.2.Final
3.0.3.Final
3.0.4.Final
3.0.5.Final
3.0.6.Final
3.0.7.Final
4.*
4.0.0.Alpha1
4.0.0.Alpha2
4.0.0.Alpha3
4.0.0.Alpha4
4.0.0.Alpha5
4.0.0.Alpha6
4.0.0.Alpha7
4.0.0.Alpha8
4.0.0.Alpha9
4.0.0.CR1
4.0.0.CR2
4.0.0.CR3
4.0.0.Final
4.0.1.Final
4.1.0.Alpha1
4.1.0.Final
4.1.1.Final
4.1.2.Final
4.1.3.Final
4.1.4.Final
4.2.0.Alpha1
4.2.0.Alpha2
4.2.0.Alpha3
4.2.0.Alpha4
4.2.0.Alpha5
4.2.0.Alpha6
4.2.0.CR1
4.2.0.CR2
4.2.0.Final
4.2.1.Final
4.2.2.Final
4.2.3.Final
4.2.4.Final
4.2.5.Final
4.2.6.Final
4.3.0.Alpha1
4.3.0.Alpha2
4.3.0.Alpha3
4.3.0.Alpha4
4.3.0.Alpha5
4.3.0.Alpha6
4.3.0.Alpha7
4.3.0.Alpha8
4.3.0.Alpha9
4.3.0.Alpha10
4.3.0.Alpha11
4.3.0.Alpha12
4.3.0.Alpha13
4.3.0.Final
4.3.1.Final
4.3.2.Final
4.3.3.Final
4.3.4.Final
4.3.5.Final
4.3.6.Final
4.4.0.Alpha1
4.4.0.Alpha2
4.4.0.Alpha3
4.4.0.Alpha4
4.4.0.Alpha5
4.4.0.Alpha6
4.4.0.Alpha7
4.4.0.Beta1
4.4.0.Beta2
4.4.0.Beta3
4.4.0.Final
4.4.1.Final
4.4.2.Final
4.4.3.Final
4.4.4.Final
4.5.0.CR1
4.5.0.Final
4.5.0.Dev01
4.5.0.Dev02
4.5.0.Dev03
4.5.0.Dev04
4.5.0.Dev05
4.5.1.Final
4.6.0.Final
4.6.1.Final