Description
A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service.
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions |
|---|---|---|---|
| Red Hat | Red Hat Data Grid 8.4.4 | unaffected | — |
| Red Hat | Red Hat build of Apache Camel 4 for Quarkus 3 | affected | — |
| Red Hat | Red Hat build of Apache Camel 4 for Quarkus 3 | affected | — |
| Red Hat | Red Hat build of Apache Camel 4 for Quarkus 3 | affected | — |
| Red Hat | Red Hat build of Apache Camel for Spring Boot 4 | affected | — |
| Red Hat | Red Hat build of Apache Camel for Spring Boot 4 | affected | — |
| Red Hat | Red Hat build of Apache Camel for Spring Boot 4 | affected | — |
| Red Hat | Red Hat build of Debezium 2 | affected | — |
| Red Hat | Red Hat build of Debezium 2 | affected | — |
| Red Hat | Red Hat build of Debezium 2 | affected | — |
| Red Hat | Red Hat build of Debezium 3 | affected | — |
| Red Hat | Red Hat build of Debezium 3 | affected | — |
| Red Hat | Red Hat build of Debezium 3 | affected | — |
| Red Hat | Red Hat build of Quarkus | affected | — |
| Red Hat | Red Hat build of Quarkus | affected | — |
| Red Hat | Red Hat build of Quarkus | affected | — |
| Red Hat | Red Hat Data Grid 8 | affected | — |
| Red Hat | Red Hat Data Grid 8 | affected | — |
| Red Hat | Red Hat Data Grid 8 | affected | — |
| Red Hat | Red Hat Data Grid 8 | affected | — |
| Red Hat | Red Hat Fuse 7 | affected | — |
| Red Hat | Red Hat Fuse 7 | affected | — |
| Red Hat | Red Hat Fuse 7 | affected | — |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7 | affected | — |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7 | affected | — |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7 | affected | — |
| Red Hat | Red Hat JBoss Enterprise Application Platform 7 | affected | — |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8 | affected | — |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8 | affected | — |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8 | affected | — |
| Red Hat | Red Hat JBoss Enterprise Application Platform 8 | affected | — |
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack | affected | — |
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack | affected | — |
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack | affected | — |
| Red Hat | Red Hat JBoss Enterprise Application Platform Expansion Pack | affected | — |
| Red Hat | Red Hat Process Automation 7 | affected | — |
| Red Hat | Red Hat Single Sign-On 7 | affected | — |
| Red Hat | Red Hat Single Sign-On 7 | affected | — |
Configuration 1 [-]
|
Configuration 2 [-]
|
Configuration 3 [-]
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Red Hat Data Grid 8.4.4 | |||
| cpe:/a:redhat:jboss_data_grid:8 | RHSA-2023:5396 | 2023-09-28T00:00:00Z | |
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 EUVD |
EUVD-2023-3094 | A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service. |
 Github GHSA |
GHSA-488m-w9fp-5mm2 | Infinispan circular object references causes out of memory errors |
References
History
Fri, 07 Nov 2025 20:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Redhat camel Quarkus
Redhat camel Spring Boot Redhat debezium Redhat jboss Enterprise Application Platform Redhat jboss Enterprise Bpms Platform Redhat jboss Fuse Redhat jbosseapxp Redhat quarkus Redhat red Hat Single Sign On |
|
| CPEs | cpe:/a:redhat:camel_quarkus:3 cpe:/a:redhat:camel_spring_boot:4 cpe:/a:redhat:debezium:2 cpe:/a:redhat:debezium:3 cpe:/a:redhat:jboss_enterprise_application_platform:7 cpe:/a:redhat:jboss_enterprise_application_platform:8 cpe:/a:redhat:jboss_enterprise_bpms_platform:7 cpe:/a:redhat:jboss_fuse:7 cpe:/a:redhat:jbosseapxp cpe:/a:redhat:quarkus:3 cpe:/a:redhat:red_hat_single_sign_on:7 |
|
| Vendors & Products |
Redhat camel Quarkus
Redhat camel Spring Boot Redhat debezium Redhat jboss Enterprise Application Platform Redhat jboss Enterprise Bpms Platform Redhat jboss Fuse Redhat jbosseapxp Redhat quarkus Redhat red Hat Single Sign On |
Sat, 23 Nov 2024 02:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Subscriptions
Infinispan
Subscribe
Infinispan
Subscribe
Redhat
Subscribe
Camel Quarkus
Subscribe
Camel Spring Boot
Subscribe
Data Grid
Subscribe
Debezium
Subscribe
Jboss Data Grid
Subscribe
Jboss Enterprise Application Platform
Subscribe
Jboss Enterprise Bpms Platform
Subscribe
Jboss Fuse
Subscribe
Jbosseapxp
Subscribe
Quarkus
Subscribe
Red Hat Single Sign On
Subscribe
MITRE
Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2025-11-21T05:57:06.838Z
Reserved: 2023-09-27T16:33:11.279Z
Link: CVE-2023-5236
Vulnrichment
Updated: 2024-08-02T07:52:08.546Z
NVD
Status : Modified
Published: 2023-12-18T14:15:10.917
Modified: 2025-09-25T09:15:29.453
Link: CVE-2023-5236
Redhat
OpenCVE Enrichment
No data.
Weaknesses