A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service.
The product contains modules in which one module has references that cycle back to itself, i.e., there are circular dependencies.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Data_grid | Redhat | * | 8.4.4 (excluding) |
Red Hat Data Grid 8.4.4 | RedHat | * |
As an example, with Java, this weakness might indicate cycles between packages. This issue makes it more difficult to maintain the product due to insufficient modularity, which indirectly affects security by making it more difficult or time-consuming to find and/or fix vulnerabilities. It also might make it easier to introduce vulnerabilities. This issue can prevent the product from running reliably. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability.