CVSSv3: 8.8

CVE-2023-5869

Published: 10/12/2023 Updated: 21/11/2024

Vulnerability Summary

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. The issue is an integer overflow during array modification, which a remote user can trigger by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.

Vulnerable Product

postgresql postgresql

postgresql postgresql 16.0

redhat codeready linux builder eus 9.2

redhat codeready linux builder eus for power little endian eus 9.0 ppc64le

redhat codeready linux builder eus for power little endian eus 9.2 ppc64le

redhat codeready linux builder for arm64 eus 8.6 aarch64

redhat codeready linux builder for arm64 eus 9.0 aarch64

redhat codeready linux builder for arm64 eus 9.2 aarch64

redhat codeready linux builder for ibm z systems eus 9.0 s390x

redhat codeready linux builder for ibm z systems eus 9.2 s390x

redhat codeready linux builder for power little endian eus 9.0 ppc64le

redhat codeready linux builder for power little endian eus 9.2 ppc64le

redhat software collections 1.0

redhat enterprise linux 8.0

redhat enterprise linux 9.0

redhat enterprise linux desktop 7.0

redhat enterprise linux eus 8.6

redhat enterprise linux eus 8.8

redhat enterprise linux eus 9.0

redhat enterprise linux eus 9.2

redhat enterprise linux for arm 64 8.0

redhat enterprise linux for arm 64 8.8 aarch64

redhat enterprise linux for ibm z systems 7.0 s390x

redhat enterprise linux for ibm z systems 8.0 s390x

redhat enterprise linux for ibm z systems eus 8.6 s390x

redhat enterprise linux for ibm z systems eus 8.8 s390x

redhat enterprise linux for ibm z systems eus 9.0 s390x

redhat enterprise linux for ibm z systems eus 9.2 s390x

redhat enterprise linux for power big endian 7.0 ppc64

redhat enterprise linux for power little endian 7.0 ppc64le

redhat enterprise linux for power little endian 8.0 ppc64le

redhat enterprise linux for power little endian eus 8.6 ppc64le

redhat enterprise linux for power little endian eus 8.8 ppc64le

redhat enterprise linux for power little endian eus 9.0 ppc64le

redhat enterprise linux for power little endian eus 9.2 ppc64le

redhat enterprise linux for scientific computing 7.0

redhat enterprise linux server 7.0

redhat enterprise linux server aus 8.2

redhat enterprise linux server aus 8.4

redhat enterprise linux server aus 8.6

redhat enterprise linux server aus 9.2

redhat enterprise linux server tus 8.2

redhat enterprise linux server tus 8.4

redhat enterprise linux server tus 8.6

redhat enterprise linux workstation 7.0

Vendor Advisories

Debian Bug report logs - #1056283 postgresql-15: CVE-2023-5868 CVE-2023-5869 CVE-2023-5870. Package: src:postgresql-15; Maintainer for src:postgresql-15 is Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>; Reported by: Moritz Mühlenhoff <jmm@inutil.org>. Date: Sun, 19 Nov 2023 20:00:01 UTC. Severity: ...
Several vulnerabilities have been discovered in the PostgreSQL database system. CVE-2023-5868: Jingzhou Fu discovered a memory disclosure flaw in aggregate function calls. CVE-2023-5869: Pedro Gallegos reported integer overflow flaws resulting in buffer overflows in the array modification functions. CVE-2023-5870: Hemanth Sandrana ...
Description: This CVE is under investigation by Red Hat Product Security ...
Synopsis: Important: postgresql:13 security update. Type/Severity: Security Advisory: Important. Topic: An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Pr ...
Synopsis: Important: RHACS 3.74 enhancement and security update. Type/Severity: Security Advisory: Important. Topic: Updated images are now available for Red Hat Advanced Cluster Security 3.74. The updated images includes bug and security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulner ...
Synopsis: Important: postgresql:15 security update. Type/Severity: Security Advisory: Important. Topic: An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated t ...
Synopsis: Important: postgresql:13 security update. Type/Severity: Security Advisory: Important. Topic: An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update S ...
Synopsis: Important: rh-postgresql13-postgresql security update. Type/Severity: Security Advisory: Important. Topic: An update for rh-postgresql13-postgresql is now available for Red Hat Software Collections. Red Hat Product Sec ...
Synopsis: Important: postgresql:12 security update. Type/Severity: Security Advisory: Important. Topic: An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Pr ...
Synopsis: Important: postgresql:10 security update. Type/Severity: Security Advisory: Important. Topic: An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions ...
Synopsis: Important: postgresql:10 security update. Type/Severity: Security Advisory: Important. Topic: An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Pr ...
Synopsis: Important: postgresql:13 security update. Type/Severity: Security Advisory: Important. Topic: An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Pr ...
Synopsis: Important: postgresql:13 security update. Type/Severity: Security Advisory: Important. Topic: An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this updat ...
Synopsis: Important: rh-postgresql10-postgresql security update. Type/Severity: Security Advisory: Important. Topic: An update for rh-postgresql10-postgresql is now available for Red Hat Software Collections. Red Hat Product Sec ...
Synopsis: Important: postgresql:10 security update. Type/Severity: Security Advisory: Important. Topic: An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Pr ...
Synopsis: Important: postgresql:12 security update. Type/Severity: Security Advisory: Important. Topic: An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated t ...
Synopsis: Important: ACS 4.1 enhancement update. Type/Severity: Security Advisory: Important. Topic: Updated images are now available for Red Hat Advanced Cluster Security 4.1.6. The updated images includes security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System ( ...
Synopsis: Important: postgresql:10 security update. Type/Severity: Security Advisory: Important. Topic: An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat E ...
Synopsis: Important: postgresql:10 security update. Type/Severity: Security Advisory: Important. Topic: An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated t ...
Synopsis: Important: postgresql security update. Type/Severity: Security Advisory: Important. Topic: An update for postgresql is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security ha ...
Synopsis: Important: postgresql:15 security update. Type/Severity: Security Advisory: Important. Topic: An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated t ...
Synopsis: Important: postgresql:15 security update. Type/Severity: Security Advisory: Important. Topic: An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Sec ...
Synopsis: Important: postgresql:12 security update. Type/Severity: Security Advisory: Important. Topic: An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update S ...
Synopsis: Important: postgresql:12 security update. Type/Severity: Security Advisory: Important. Topic: An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Pr ...
Synopsis: Important: postgresql security update. Type/Severity: Security Advisory: Important. Topic: An update for postgresql is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as hav ...
Synopsis: Important: postgresql:15 security update. Type/Severity: Security Advisory: Important. Topic: An update for the postgresql:15 module is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Sec ...
Synopsis: Important: rh-postgresql12-postgresql security update. Type/Severity: Security Advisory: Important. Topic: An update for rh-postgresql12-postgresql is now available for Red Hat Software Collections. Red Hat Product Sec ...
Synopsis: Important: postgresql security update. Type/Severity: Security Advisory: Important. Topic: An update for postgresql is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security ha ...
Synopsis: Important: postgresql:12 security update. Type/Severity: Security Advisory: Important. Topic: An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise ...
Synopsis: Important: postgresql:10 security update. Type/Severity: Security Advisory: Important. Topic: An update for the postgresql:10 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update S ...
Synopsis: Important: postgresql security update. Type/Severity: Security Advisory: Important. Topic: An update for postgresql is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as hav ...
Synopsis: Important: RHACS 4.2 security update. Type/Severity: Security Advisory: Important. Topic: Updated images are now available for Red Hat Advanced Cluster Security 4.2.4. The updated images includes security fixes. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CV ...
While modifying certain SQL array values, missing overflow checks let authenticated database users write arbitrary bytes to a memory area that facilitates arbitrary code execution. Missing overflow checks also let authenticated database users read a wide area of server memory. The CVE-2021-32027 fix covered some attacks of this description, but it ...
Certain aggregate function calls receiving "unknown"-type arguments could disclose bytes of server memory from the end of the "unknown"-type value to the next zero byte. One typically gets an "unknown"-type value via a string literal having no type designation. We have not confirmed or ruled out viability of attacks that arrange for presence of not ...