Lucene search

K

MITRECVE-2023-5868

HistoryDec 10, 2023 - 5:56 p.m.

CVE-2023-5868

2023-12-1017:56:57

MITRE

web.nvd.nist.gov

251

postgresql

memory disclosure

vulnerability

remote access

aggregate function calls

nvd

6.5 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.9%

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with ‘unknown’-type arguments. Handling ‘unknown’-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.

References

access.redhat.com/errata/RHSA-2023:7545

access.redhat.com/errata/RHSA-2023:7579

access.redhat.com/errata/RHSA-2023:7580

access.redhat.com/errata/RHSA-2023:7581

access.redhat.com/errata/RHSA-2023:7616

access.redhat.com/errata/RHSA-2023:7656

access.redhat.com/errata/RHSA-2023:7666

access.redhat.com/errata/RHSA-2023:7667

access.redhat.com/errata/RHSA-2023:7694

access.redhat.com/errata/RHSA-2023:7695

access.redhat.com/errata/RHSA-2023:7714

access.redhat.com/errata/RHSA-2023:7770

access.redhat.com/errata/RHSA-2023:7772

access.redhat.com/errata/RHSA-2023:7784

access.redhat.com/errata/RHSA-2023:7785

access.redhat.com/errata/RHSA-2023:7883

access.redhat.com/errata/RHSA-2023:7884

access.redhat.com/errata/RHSA-2023:7885

access.redhat.com/errata/RHSA-2024:0304

access.redhat.com/errata/RHSA-2024:0332

access.redhat.com/errata/RHSA-2024:0337

access.redhat.com/security/cve/CVE-2023-5868

bugzilla.redhat.com/show_bug.cgi?id=2247168

security.netapp.com/advisory/ntap-20240119-0003/

www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/

www.postgresql.org/support/security/CVE-2023-5868/

6.5 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.9%