Pedro Gallegos discovered that PostgreSQL incorrectly handled modifying
certain SQL array values. A remote attacker could use this issue to obtain
sensitive information, or possibly execute arbitrary code. (CVE-2023-5869)

Hemanth Sandrana and Mahendrakar Srinivasarao discovered that PostgreSQL
allowed the pg_signal_backend role to signal certain superuser processes,
contrary to expectations. (CVE-2023-5870)

References

ubuntu.com/security/CVE-2023-5869

ubuntu.com/security/CVE-2023-5870

ubuntu.com/security/notices/USN-6570-1

openvas 24

ubuntu 3

nessus 70

kaspersky 1

debian 3

osv 19

mageia 1

redos 4

cloudfoundry 1

redhat 23

oraclelinux 7

rocky 4

almalinux 6

prion 2

veracode 2

cve 2

ubuntucve 2

cvelist 2

nvd 2

redhatcve 2

debiancve 2

cbl_mariner 2

wolfi 2

cgr 2

ibm 4

centos 1

alpinelinux 2

freebsd 2

photon 1

amazon 1

openvas

Ubuntu: Security Advisory (USN-6570-1)

2024-01-10 00:00:00

openSUSE: Security Advisory for postgresql13 (SUSE-SU-2023:4455-1)

2024-03-04 00:00:00

openSUSE: Security Advisory for postgresql, postgresql15, postgresql16 (SUSE-SU-2023:4495-1)

2024-03-04 00:00:00

ubuntu

PostgreSQL vulnerabilities

2024-01-09 00:00:00

PostgreSQL vulnerabilities

2023-12-06 00:00:00

PostgreSQL vulnerabilities

2024-01-17 00:00:00

nessus

Ubuntu 16.04 ESM : PostgreSQL vulnerabilities (USN-6570-1)

2024-01-09 00:00:00

PostgreSQL 11.x < 11.22 / 12.x < 12.17 / 13.x < 13.13 / 14.x < 14.10 / 15.x < 15.5 / 16.x < 16.1 Multiple Vulnerabilities

2023-11-15 00:00:00

Ubuntu 18.04 ESM : PostgreSQL vulnerabilities (USN-6538-2)

2024-01-17 00:00:00

kaspersky

KLA61933 Multiple vulnerabilities in PostgreSQL

2023-11-09 00:00:00

debian

[SECURITY] [DLA 3651-1] postgresql-11 security update

2023-11-14 08:34:40

[SECURITY] [DSA 5554-1] postgresql-13 security update

2023-11-13 21:27:39

[SECURITY] [DSA 5553-1] postgresql-15 security update

2023-11-13 21:15:25

osv

postgresql-12, postgresql-14, postgresql-15 vulnerabilities

2023-12-06 15:11:27

postgresql-10 vulnerabilities

2024-01-17 05:20:49

postgresql-11 - security update

2023-11-14 00:00:00

mageia

Updated postgresql packages fix security vulnerabilities

2023-11-22 04:49:25

redos

ROS-20240329-13

2024-03-29 00:00:00

ROS-20240329-14

2024-03-29 00:00:00

ROS-20240329-12

2024-03-29 00:00:00

cloudfoundry

USN-6538-1: PostgreSQL vulnerabilities | Cloud Foundry

2024-03-18 00:00:00

redhat

(RHSA-2023:7714) Important: postgresql:12 security update

2023-12-11 09:25:48

(RHSA-2023:7784) Important: postgresql security update

2023-12-13 14:48:22

(RHSA-2023:7770) Important: rh-postgresql12-postgresql security update

2023-12-13 07:47:10

oraclelinux

postgresql:12 security update

2023-12-18 00:00:00

postgresql:13 security update

2023-11-30 00:00:00

postgresql security update

2023-12-15 00:00:00

rocky

postgresql:12 security update

2024-01-09 04:07:10

postgresql:13 security update

2023-12-06 23:16:33

postgresql:15 security update

2024-01-09 04:08:12

almalinux

Important: postgresql:12 security update

2023-12-11 00:00:00

Important: postgresql:13 security update

2023-11-29 00:00:00

Important: postgresql security update

2023-12-13 00:00:00

prion

Integer overflow

2023-12-10 18:15:00

Design/Logic Flaw

2023-12-10 18:15:00

veracode

Arbitrary Code Execution

2023-11-27 21:07:19

Denial Of Service (DOS)

2023-11-27 21:04:45

cve

CVE-2023-5869

2023-12-10 18:15:07

CVE-2023-5870

2023-12-10 18:15:07

ubuntucve

CVE-2023-5870

2023-11-15 00:00:00

CVE-2023-5869

2023-11-15 00:00:00

cvelist

CVE-2023-5870 Postgresql: role pg_signal_backend can signal certain superuser processes.

2023-12-10 17:58:30

CVE-2023-5869 Postgresql: buffer overrun from integer overflow in array modification

2023-12-10 17:56:57

nvd

CVE-2023-5870

2023-12-10 18:15:07

CVE-2023-5869

2023-12-10 18:15:07

redhatcve

CVE-2023-5869

2023-11-10 10:44:59

CVE-2023-5870

2023-11-10 10:44:58

debiancve

CVE-2023-5869

2023-12-10 18:15:07

CVE-2023-5870

2023-12-10 18:15:07

cbl_mariner

CVE-2023-5869 affecting package postgresql for versions less than 14.10-1

2024-01-14 22:46:30

CVE-2023-5870 affecting package postgresql for versions less than 16.3-1

2024-05-31 18:55:08

wolfi

CVE-2023-5869 vulnerabilities

2024-06-24 09:08:26

CVE-2023-5870 vulnerabilities

2024-06-24 09:08:26

cgr

CVE-2023-5870 vulnerabilities

2024-05-19 03:07:16

CVE-2023-5869 vulnerabilities

2024-05-19 03:07:16

ibm

Security Bulletin: Multiple PostgreSQL Vulnerabilities Affect IBM Storage Scale System

2024-06-21 15:45:31

Security Bulletin: IBM Sterling Connect:Direct Web Service is vulnerable to buffer overflow due to PostgreSQL (CVE-2023-5869)

2024-02-19 08:30:03

Security Bulletin: IBM Sterling Connect:Direct Web Services is vulnerable to a denial of service due to PostgreSQL (CVE-2023-5870)

2024-05-06 04:15:34

centos

postgresql security update

2024-01-12 19:13:08

alpinelinux

CVE-2023-5869

2023-12-10 18:15:07

CVE-2023-5870

2023-12-10 18:15:07

freebsd

postgresql-server -- Role pg_cancel_backend can signal certain superuser processes

2023-11-09 00:00:00

postgresql-server -- Buffer overrun from integer overflow in array modification

2023-11-09 00:00:00

photon

Important Photon OS Security Update - PHSA-2023-4.0-0513

2023-11-16 00:00:00

amazon

Important: postgresql

2024-06-06 20:17:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.015 Low

EPSS

Percentile

86.7%

JSON

Related for OSV:USN-6570-1