Lucene search

K
cveRedhatCVE-2023-5869
HistoryDec 10, 2023 - 6:15 p.m.

CVE-2023-5869

2023-12-1018:15:07
CWE-190
redhat
web.nvd.nist.gov
707
postgresql
vulnerability
cve-2023-5869
database security
overflow
remote code execution

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9

Confidence

High

EPSS

0.015

Percentile

86.7%

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server’s memory.

Affected configurations

Nvd
Node
postgresqlpostgresqlRange11.011.22
OR
postgresqlpostgresqlRange12.012.17
OR
postgresqlpostgresqlRange13.013.13
OR
postgresqlpostgresqlRange14.014.10
OR
postgresqlpostgresqlRange15.015.5
OR
postgresqlpostgresqlMatch16.0
Node
redhatcodeready_linux_builder_eusMatch9.2
OR
redhatcodeready_linux_builder_eus_for_power_little_endian_eusMatch9.0_ppc64le
OR
redhatcodeready_linux_builder_eus_for_power_little_endian_eusMatch9.2_ppc64le
OR
redhatcodeready_linux_builder_for_arm64_eusMatch8.6_aarch64
OR
redhatcodeready_linux_builder_for_arm64_eusMatch9.0_aarch64
OR
redhatcodeready_linux_builder_for_arm64_eusMatch9.2_aarch64
OR
redhatcodeready_linux_builder_for_ibm_z_systems_eusMatch9.0_s390x
OR
redhatcodeready_linux_builder_for_ibm_z_systems_eusMatch9.2_s390x
OR
redhatcodeready_linux_builder_for_power_little_endian_eusMatch9.0_ppc64le
OR
redhatcodeready_linux_builder_for_power_little_endian_eusMatch9.2_ppc64le
OR
redhatsoftware_collectionsMatch1.0
OR
redhatenterprise_linuxMatch8.0
OR
redhatenterprise_linuxMatch9.0
OR
redhatenterprise_linux_desktopMatch7.0
OR
redhatenterprise_linux_eusMatch8.6
OR
redhatenterprise_linux_eusMatch8.8
OR
redhatenterprise_linux_eusMatch9.0
OR
redhatenterprise_linux_eusMatch9.2
OR
redhatenterprise_linux_for_arm_64Match8.0
OR
redhatenterprise_linux_for_arm_64Match8.8_aarch64
OR
redhatenterprise_linux_for_ibm_z_systemsMatch7.0_s390x
OR
redhatenterprise_linux_for_ibm_z_systemsMatch8.0_s390x
OR
redhatenterprise_linux_for_ibm_z_systems_eusMatch8.6_s390x
OR
redhatenterprise_linux_for_ibm_z_systems_eusMatch8.8_s390x
OR
redhatenterprise_linux_for_ibm_z_systems_eusMatch9.0_s390x
OR
redhatenterprise_linux_for_ibm_z_systems_eusMatch9.2_s390x
OR
redhatenterprise_linux_for_power_big_endianMatch7.0_ppc64
OR
redhatenterprise_linux_for_power_little_endianMatch7.0_ppc64le
OR
redhatenterprise_linux_for_power_little_endianMatch8.0_ppc64le
OR
redhatenterprise_linux_for_power_little_endian_eusMatch8.6_ppc64le
OR
redhatenterprise_linux_for_power_little_endian_eusMatch8.8_ppc64le
OR
redhatenterprise_linux_for_power_little_endian_eusMatch9.0_ppc64le
OR
redhatenterprise_linux_for_power_little_endian_eusMatch9.2_ppc64le
OR
redhatenterprise_linux_for_scientific_computingMatch7.0
OR
redhatenterprise_linux_serverMatch7.0
OR
redhatenterprise_linux_server_ausMatch8.2
OR
redhatenterprise_linux_server_ausMatch8.4
OR
redhatenterprise_linux_server_ausMatch8.6
OR
redhatenterprise_linux_server_ausMatch9.2
OR
redhatenterprise_linux_server_tusMatch8.2
OR
redhatenterprise_linux_server_tusMatch8.4
OR
redhatenterprise_linux_server_tusMatch8.6
OR
redhatenterprise_linux_workstationMatch7.0
VendorProductVersionCPE
postgresqlpostgresql16.0cpe:/a:postgresql:postgresql:16.0:::

CNA Affected

[
  {
    "vendor": "Red Hat",
    "product": "Red Hat Advanced Cluster Security 4.2",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "advanced-cluster-security/rhacs-central-db-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "4.2.4-6",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:advanced_cluster_security:4.2::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Advanced Cluster Security 4.2",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "advanced-cluster-security/rhacs-main-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "4.2.4-6",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:advanced_cluster_security:4.2::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Advanced Cluster Security 4.2",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "advanced-cluster-security/rhacs-operator-bundle",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "4.2.4-7",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:advanced_cluster_security:4.2::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Advanced Cluster Security 4.2",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "4.2.4-6",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:advanced_cluster_security:4.2::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Advanced Cluster Security 4.2",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "4.2.4-7",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:advanced_cluster_security:4.2::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:9.2.24-9.el7_9",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7::computenode",
      "cpe:/o:redhat:enterprise_linux:7::server",
      "cpe:/o:redhat:enterprise_linux:7::client",
      "cpe:/o:redhat:enterprise_linux:7::workstation"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:13",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8090020231114113712.a75119d5",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:12",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8090020231128173330.a75119d5",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:10",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8090020231201202407.a75119d5",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:15",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8090020231114113548.a75119d5",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:8::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:10",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8010020231130170510.c27ad7f8",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_e4s:8.1::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:12",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8020020231128165246.4cda2c84",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_aus:8.2::appstream",
      "cpe:/a:redhat:rhel_tus:8.2::appstream",
      "cpe:/a:redhat:rhel_e4s:8.2::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:10",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8020020231201202149.4cda2c84",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_aus:8.2::appstream",
      "cpe:/a:redhat:rhel_tus:8.2::appstream",
      "cpe:/a:redhat:rhel_e4s:8.2::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:12",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8020020231128165246.4cda2c84",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_aus:8.2::appstream",
      "cpe:/a:redhat:rhel_tus:8.2::appstream",
      "cpe:/a:redhat:rhel_e4s:8.2::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:10",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8020020231201202149.4cda2c84",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_aus:8.2::appstream",
      "cpe:/a:redhat:rhel_tus:8.2::appstream",
      "cpe:/a:redhat:rhel_e4s:8.2::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:12",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8020020231128165246.4cda2c84",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_aus:8.2::appstream",
      "cpe:/a:redhat:rhel_tus:8.2::appstream",
      "cpe:/a:redhat:rhel_e4s:8.2::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:10",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8020020231201202149.4cda2c84",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_aus:8.2::appstream",
      "cpe:/a:redhat:rhel_tus:8.2::appstream",
      "cpe:/a:redhat:rhel_e4s:8.2::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:12",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8040020231127153301.522a0ee4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_e4s:8.4::appstream",
      "cpe:/a:redhat:rhel_tus:8.4::appstream",
      "cpe:/a:redhat:rhel_aus:8.4::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:13",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8040020231127154806.522a0ee4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_e4s:8.4::appstream",
      "cpe:/a:redhat:rhel_tus:8.4::appstream",
      "cpe:/a:redhat:rhel_aus:8.4::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:10",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8040020231127142440.522a0ee4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_e4s:8.4::appstream",
      "cpe:/a:redhat:rhel_tus:8.4::appstream",
      "cpe:/a:redhat:rhel_aus:8.4::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:12",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8040020231127153301.522a0ee4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_e4s:8.4::appstream",
      "cpe:/a:redhat:rhel_tus:8.4::appstream",
      "cpe:/a:redhat:rhel_aus:8.4::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:13",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8040020231127154806.522a0ee4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_e4s:8.4::appstream",
      "cpe:/a:redhat:rhel_tus:8.4::appstream",
      "cpe:/a:redhat:rhel_aus:8.4::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:10",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8040020231127142440.522a0ee4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_e4s:8.4::appstream",
      "cpe:/a:redhat:rhel_tus:8.4::appstream",
      "cpe:/a:redhat:rhel_aus:8.4::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:12",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8040020231127153301.522a0ee4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_e4s:8.4::appstream",
      "cpe:/a:redhat:rhel_tus:8.4::appstream",
      "cpe:/a:redhat:rhel_aus:8.4::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:13",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8040020231127154806.522a0ee4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_e4s:8.4::appstream",
      "cpe:/a:redhat:rhel_tus:8.4::appstream",
      "cpe:/a:redhat:rhel_aus:8.4::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:10",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8040020231127142440.522a0ee4",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_e4s:8.4::appstream",
      "cpe:/a:redhat:rhel_tus:8.4::appstream",
      "cpe:/a:redhat:rhel_aus:8.4::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:13",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8060020231114115246.ad008a3a",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:8.6::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:12",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8060020231128165328.ad008a3a",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:8.6::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.6 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:10",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8060020231201202249.ad008a3a",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:8.6::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:13",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8080020231114105206.63b34585",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:8.8::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:12",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8080020231128165335.63b34585",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:8.8::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:10",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8080020231201202316.63b34585",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:8.8::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:15",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "8080020231113134015.63b34585",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:8.8::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:13.13-1.el9_3",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream",
      "cpe:/a:redhat:enterprise_linux:9::crb"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:15",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "9030020231120082734.rhel9",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:enterprise_linux:9::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9.0 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:13.13-1.el9_0",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:9.0::appstream",
      "cpe:/a:redhat:rhel_eus:9.0::crb"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:13.13-1.el9_2",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:9.2::crb",
      "cpe:/a:redhat:rhel_eus:9.2::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9.2 Extended Update Support",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:15",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "9020020231115020618.rhel9",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_eus:9.2::appstream"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Software Collections for Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rh-postgresql12-postgresql",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:12.17-1.el7",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_software_collections:3::el7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Software Collections for Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rh-postgresql10-postgresql",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:10.23-2.el7",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_software_collections:3::el7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Software Collections for Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "rh-postgresql13-postgresql",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "0:13.13-1.el7",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:rhel_software_collections:3::el7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "RHACS-3.74-RHEL-8",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "advanced-cluster-security/rhacs-central-db-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "3.74.8-9",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:advanced_cluster_security:3.74::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "RHACS-3.74-RHEL-8",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "advanced-cluster-security/rhacs-main-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "3.74.8-9",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:advanced_cluster_security:3.74::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "RHACS-3.74-RHEL-8",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "advanced-cluster-security/rhacs-operator-bundle",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "3.74.8-7",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:advanced_cluster_security:3.74::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "RHACS-3.74-RHEL-8",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "3.74.8-9",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:advanced_cluster_security:3.74::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "RHACS-3.74-RHEL-8",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "3.74.8-9",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:advanced_cluster_security:3.74::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "RHACS-4.1-RHEL-8",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "advanced-cluster-security/rhacs-central-db-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "4.1.6-6",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:advanced_cluster_security:4.1::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "RHACS-4.1-RHEL-8",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "advanced-cluster-security/rhacs-main-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "4.1.6-6",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:advanced_cluster_security:4.1::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "RHACS-4.1-RHEL-8",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "advanced-cluster-security/rhacs-operator-bundle",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "4.1.6-6",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:advanced_cluster_security:4.1::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "RHACS-4.1-RHEL-8",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "4.1.6-6",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:advanced_cluster_security:4.1::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "RHACS-4.1-RHEL-8",
    "collectionURL": "https://catalog.redhat.com/software/containers/",
    "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8",
    "defaultStatus": "affected",
    "versions": [
      {
        "version": "4.1.6-6",
        "lessThan": "*",
        "versionType": "rpm",
        "status": "unaffected"
      }
    ],
    "cpes": [
      "cpe:/a:redhat:advanced_cluster_security:4.1::el8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql",
    "defaultStatus": "unknown",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:16/postgresql",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "postgresql:16/postgresql",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  }
]

References

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

9

Confidence

High

EPSS

0.015

Percentile

86.7%