CVE-2023-5236

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Dec 18, 2023

Updated: Jan 25, 2024

CWE ID 1047

Summary

CVE-2023-5236 is a newly identified vulnerability in Infinispan, an open-source data grid platform. This issue arises from Infinispan's failure to detect circular object references during unmarshalling. An attacker with appropriate permissions can exploit this flaw by introducing a specially crafted object into the cache. The malicious object can lead to out-of-memory errors, resulting in a denial-of-service condition. Organizations using Infinispan should apply the available patch as soon as possible to mitigate this threat.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Red Hat Data Grid
Red Hat JBoss Data Grid

Affected Vendors

Red Hat

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/s0AwBK
https://www.cve.org/CVERecord?id=CVE-2023-5236
https://nvd.nist.gov/vuln/detail/CVE-2023-5236

Back to Vulnerability Database