Lucene search

[email protected]NVD:CVE-2023-5869

HistoryDec 10, 2023 - 6:15 p.m.

CVE-2023-5869

2023-12-1018:15:07

CWE-190

[email protected]

web.nvd.nist.gov

postgresql

authenticated users

arbitrary code

integer overflow

sql array modification

remote user

memory vulnerability

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS

0.015

Percentile

86.7%

JSON

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server’s memory.

Affected configurations

Nvd

Node

postgresqlpostgresqlRange11.0–11.22

postgresqlpostgresqlRange12.0–12.17

postgresqlpostgresqlRange13.0–13.13

postgresqlpostgresqlRange14.0–14.10

postgresqlpostgresqlRange15.0–15.5

postgresqlpostgresqlMatch16.0

Node

redhatcodeready_linux_builder_eusMatch9.2

redhatcodeready_linux_builder_eus_for_power_little_endian_eusMatch9.0_ppc64le

redhatcodeready_linux_builder_eus_for_power_little_endian_eusMatch9.2_ppc64le

redhatcodeready_linux_builder_for_arm64_eusMatch8.6_aarch64

redhatcodeready_linux_builder_for_arm64_eusMatch9.0_aarch64

redhatcodeready_linux_builder_for_arm64_eusMatch9.2_aarch64

redhatcodeready_linux_builder_for_ibm_z_systems_eusMatch9.0_s390x

redhatcodeready_linux_builder_for_ibm_z_systems_eusMatch9.2_s390x

redhatcodeready_linux_builder_for_power_little_endian_eusMatch9.0_ppc64le

redhatcodeready_linux_builder_for_power_little_endian_eusMatch9.2_ppc64le

redhatsoftware_collectionsMatch1.0

redhatenterprise_linuxMatch8.0

redhatenterprise_linuxMatch9.0

redhatenterprise_linux_desktopMatch7.0

redhatenterprise_linux_eusMatch8.6

redhatenterprise_linux_eusMatch8.8

redhatenterprise_linux_eusMatch9.0

redhatenterprise_linux_eusMatch9.2

redhatenterprise_linux_for_arm_64Match8.0

redhatenterprise_linux_for_arm_64Match8.8_aarch64

redhatenterprise_linux_for_ibm_z_systemsMatch7.0_s390x

redhatenterprise_linux_for_ibm_z_systemsMatch8.0_s390x

redhatenterprise_linux_for_ibm_z_systems_eusMatch8.6_s390x

redhatenterprise_linux_for_ibm_z_systems_eusMatch8.8_s390x

redhatenterprise_linux_for_ibm_z_systems_eusMatch9.0_s390x

redhatenterprise_linux_for_ibm_z_systems_eusMatch9.2_s390x

redhatenterprise_linux_for_power_big_endianMatch7.0_ppc64

redhatenterprise_linux_for_power_little_endianMatch7.0_ppc64le

redhatenterprise_linux_for_power_little_endianMatch8.0_ppc64le

redhatenterprise_linux_for_power_little_endian_eusMatch8.6_ppc64le

redhatenterprise_linux_for_power_little_endian_eusMatch8.8_ppc64le

redhatenterprise_linux_for_power_little_endian_eusMatch9.0_ppc64le

redhatenterprise_linux_for_power_little_endian_eusMatch9.2_ppc64le

redhatenterprise_linux_for_scientific_computingMatch7.0

redhatenterprise_linux_serverMatch7.0

redhatenterprise_linux_server_ausMatch8.2

redhatenterprise_linux_server_ausMatch8.4

redhatenterprise_linux_server_ausMatch8.6

redhatenterprise_linux_server_ausMatch9.2

redhatenterprise_linux_server_tusMatch8.2

redhatenterprise_linux_server_tusMatch8.4

redhatenterprise_linux_server_tusMatch8.6

redhatenterprise_linux_workstationMatch7.0

VendorProductVersionCPE
postgresqlpostgresql*cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
postgresqlpostgresql16.0cpe:2.3:a:postgresql:postgresql:16.0:*:*:*:*:*:*:*
redhatcodeready_linux_builder_eus9.2cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*
redhatcodeready_linux_builder_eus_for_power_little_endian_eus9.0_ppc64lecpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*
redhatcodeready_linux_builder_eus_for_power_little_endian_eus9.2_ppc64lecpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
redhatcodeready_linux_builder_for_arm64_eus8.6_aarch64cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:*:*:*:*:*:*:*
redhatcodeready_linux_builder_for_arm64_eus9.0_aarch64cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.0_aarch64:*:*:*:*:*:*:*
redhatcodeready_linux_builder_for_arm64_eus9.2_aarch64cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*
redhatcodeready_linux_builder_for_ibm_z_systems_eus9.0_s390xcpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*
redhatcodeready_linux_builder_for_ibm_z_systems_eus9.2_s390xcpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
postgresql	postgresql	*	cpe:2.3:a:postgresql:postgresql::::::::
postgresql	postgresql	16.0	cpe:2.3:a:postgresql:postgresql:16.0:::::::*
redhat	codeready_linux_builder_eus	9.2	cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:::::::*
redhat	codeready_linux_builder_eus_for_power_little_endian_eus	9.0_ppc64le	cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.0_ppc64le:::::::*
redhat	codeready_linux_builder_eus_for_power_little_endian_eus	9.2_ppc64le	cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:::::::*
redhat	codeready_linux_builder_for_arm64_eus	8.6_aarch64	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:::::::*
redhat	codeready_linux_builder_for_arm64_eus	9.0_aarch64	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.0_aarch64:::::::*
redhat	codeready_linux_builder_for_arm64_eus	9.2_aarch64	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:::::::*
redhat	codeready_linux_builder_for_ibm_z_systems_eus	9.0_s390x	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.0_s390x:::::::*
redhat	codeready_linux_builder_for_ibm_z_systems_eus	9.2_s390x	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:::::::*