CVE-2023-5868

Severity

43%

Complexity

27%

Confidentiality

23%

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.

CVSS 3.1 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N).

Overview

First reported 1 year ago

2023-12-10 18:15:00

Last updated 1 year ago

2023-12-20 15:15:00

Affected Software

PostgreSQL

Red Hat Enterprise Linux 8.0

8.0

References

RHSA-2023:7545

RHSA-2023:7579

RHSA-2023:7580

RHSA-2023:7581

RHSA-2023:7616

RHSA-2023:7656

RHSA-2023:7666

RHSA-2023:7667

RHSA-2023:7694

RHSA-2023:7695

https://access.redhat.com/security/cve/CVE-2023-5868

RHBZ#2247168

https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/

https://www.postgresql.org/support/security/CVE-2023-5868/

RHSA-2023:7714

RHSA-2023:7545

Third Party Advisory

RHSA-2023:7579

Third Party Advisory

RHSA-2023:7580

Third Party Advisory

RHSA-2023:7581

Third Party Advisory

RHSA-2023:7616

Third Party Advisory

RHSA-2023:7656

Third Party Advisory

RHSA-2023:7666

Third Party Advisory

RHSA-2023:7667

Third Party Advisory

RHSA-2023:7694

Third Party Advisory

RHSA-2023:7695

Third Party Advisory

https://access.redhat.com/security/cve/CVE-2023-5868

Third Party Advisory

RHBZ#2247168

Issue Tracking

https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/

Release Notes

https://www.postgresql.org/support/security/CVE-2023-5868/

Mitigation, Vendor Advisory

RHSA-2023:7714

Third Party Advisory

RHSA-2023:7770

Third Party Advisory

RHSA-2023:7772

Third Party Advisory

RHSA-2023:7784

RHSA-2023:7785

RHSA-2023:7883

RHSA-2023:7884

RHSA-2023:7885

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.