Vulnerability of the array_append, array_prepend, and array_subscript_handler functions in the PostgreSQL database management system, related to integer overflow during array modifications, allowing attackers to execute arbitrary code.

🗓️ 14 Nov 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 2 Views

PostgreSQL overflow flaw in array_append, array_prepend, and array_subscript_handler enables remote code execution.

Reporter	Title	Published	Views	Family All 368
FreeBSD	postgresql-server -- Buffer overrun from integer overflow in array modification	9 Nov 202300:00	–	freebsd
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities	26 Mar 202504:11	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Observability with Instana (OnPrem) is affected by multiple security vulnerabilities	10 Jul 202407:59	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Data Risk Manager is affected by multiple vulnerabilities	30 Jan 202404:12	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium is affected by multiple vulnerabilities	26 Mar 202504:09	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to buffer overflow due to PostgreSQL (CVE-2023-5869)	19 Feb 202408:12	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple PostgreSQL Vulnerabilities Affect IBM Storage Scale System	21 Jun 202415:45	–	ibm
IBM Security Bulletins	Security Bulletin: The Network Threat Analytics App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities	24 Mar 202618:22	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge is vulnerable to various issues in postgresql	31 Oct 202518:37	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in PostgreSQL, Golang might affect IBM Spectrum Copy Data Management	12 Jan 202416:31	–	ibm

Vulners

Node

postgresql postgresqlRange11–11.22

OR

postgresql postgresqlRange12–12.17

OR

postgresql postgresqlRange13–13.13

OR

postgresql postgresqlRange14–14.10

OR

postgresql postgresqlRange15–15.5

OR

postgresql postgresqlRange16–16.1

OR

postgres_professional postgres_pro_certifiedRange<16.1.1

OR

postgres_professional postgres_pro_certifiedRange<15.5.1

OR

postgres_professional postgres_pro_certifiedRange<14.10.1

OR

postgres_professional postgres_pro_certifiedRange<11.22.1

OR

red_hat red_hat_enterprise_linuxMatch7

OR

red_hat red_hat_enterprise_linuxMatch8

OR

red_hat red_hat_enterprise_linuxMatch9

Source	Link
vuldb	www.vuldb.com/ru/
postgresql	www.postgresql.org/support/security/CVE-2023-5869/
safe-surf	www.safe-surf.ru/upload/VULN-new/VULN.2023-11-10.1.pdf
postgresql	www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
security-tracker	www.security-tracker.debian.org/tracker/CVE-2023-5869
access	www.access.redhat.com/security/cve/cve-2023-5869
altsp	www.altsp.su/obnovleniya-bezopasnosti/
postgrespro	www.postgrespro.ru/products/postgrespro/certified
wiki	www.wiki.astralinux.ru/astra-linux-se17-bulletin-2024-0212SE17
repo	www.repo.red-soft.ru/redos/7.3c/x86_64/updates/

06 Nov 2025 00:00Current

7.8High risk

Vulners AI Score7.8

CVSS 38.8

CVSS 29

EPSS0.04322

postgresql array_append array_prepend array_subscript_handler integer_overflow remote_code_execution