CVE-2023-5869

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.

CVSS v3 8.8 HIGH

8.8^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2023:7545	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7579	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7580	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7581	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7616	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7656	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7666	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7667	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7694	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7695	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7714	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7770	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7771	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7772	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7778	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7783	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7784
https://access.redhat.com/errata/RHSA-2023:7785
https://access.redhat.com/errata/RHSA-2023:7786
https://access.redhat.com/errata/RHSA-2023:7788
https://access.redhat.com/errata/RHSA-2023:7789
https://access.redhat.com/errata/RHSA-2023:7790
https://access.redhat.com/errata/RHSA-2023:7878
https://access.redhat.com/errata/RHSA-2023:7883
https://access.redhat.com/errata/RHSA-2023:7884
https://access.redhat.com/errata/RHSA-2023:7885
https://access.redhat.com/errata/RHSA-2024:0304
https://access.redhat.com/errata/RHSA-2024:0332
https://access.redhat.com/errata/RHSA-2024:0337
https://access.redhat.com/security/cve/CVE-2023-5869	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2247169	Issue Tracking
https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/	Release Notes
https://www.postgresql.org/support/security/CVE-2023-5869/	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql:16.0:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.0_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.0_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.0_s390x:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.0_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:::::::*
	cpe:2.3:a:redhat:software_collections:1.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

History

14 Sep 2024, 00:15

Type	Values Removed	Values Added
References	~~{'url': 'https://security.netapp.com/advisory/ntap-20240119-0003/', 'source': 'secalert@redhat.com'}~~

25 Jan 2024, 09:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:0337 -

22 Jan 2024, 21:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:0332 -

19 Jan 2024, 16:15

Type	Values Removed	Values Added
References		() https://security.netapp.com/advisory/ntap-20240119-0003/ -

19 Jan 2024, 03:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:0304 -

20 Dec 2023, 15:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2023:7883 - () https://access.redhat.com/errata/RHSA-2023:7885 - () https://access.redhat.com/errata/RHSA-2023:7878 - () https://access.redhat.com/errata/RHSA-2023:7884 -

13 Dec 2023, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-10 18:15

Updated : 2024-09-14 00:15

NVD link : CVE-2023-5869

Mitre link : CVE-2023-5869

CVE.ORG link : CVE-2023-5869

JSON object : View

Products Affected

redhat

codeready_linux_builder_for_power_little_endian_eus
enterprise_linux_for_scientific_computing
enterprise_linux_server
codeready_linux_builder_eus
enterprise_linux_desktop
codeready_linux_builder_for_ibm_z_systems_eus
codeready_linux_builder_eus_for_power_little_endian_eus
enterprise_linux_server_tus
enterprise_linux_for_power_little_endian
enterprise_linux
enterprise_linux_for_ibm_z_systems
enterprise_linux_for_power_little_endian_eus
enterprise_linux_server_aus
enterprise_linux_eus
enterprise_linux_for_power_big_endian
enterprise_linux_for_ibm_z_systems_eus
software_collections
enterprise_linux_workstation
enterprise_linux_for_arm_64
codeready_linux_builder_for_arm64_eus

postgresql

postgresql

CWE

CWE-190

Integer Overflow or Wraparound

8.8 /10