CLSA-2024-1707822783 Fix CVE(s): CVE-2023-5868, CVE-2023-5870

SECURITY UPDATE: Memory disclosure in aggregate function calls - debian/patches/CVE-2023-5868.patch: Compute aggregate argument types correctly in transformAggregateCall. - CVE-2023-5868 SECURITY UPDATE: Role "pgsignalbackend" can signal certain superuser processes -...

postgresql: Memory disclosure in aggregate function calls

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...

USN-6538-1 postgresql-12, postgresql-14, postgresql-15 vulnerabilities

Jingzhou Fu discovered that PostgreSQL incorrectly handled certain unknown arguments in aggregate function calls. A remote attacker could possibly use this issue to obtain sensitive information. CVE-2023-5868 Pedro Gallegos discovered that PostgreSQL incorrectly handled modifying certain SQL arra...

postgresql: Memory disclosure in aggregate function calls

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...

postgresql: Memory disclosure in aggregate function calls

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...

The vulnerability of the PostgreSQL database management system lies in the lack of protection for service data in aggregate function calls, allowing attackers to exploit this to disclose protected information.

The vulnerability of the PostgreSQL database management system is related to the lack of protection for service data in aggregate function calls. Exploiting this vulnerability allows a malicious actor to disclose sensitive information when an unknown type is passed as an argument...

UBUNTU-CVE-2023-5868

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...

SUSE CVE-2023-5868

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes,...

PT-2023-6890 · Unknown +11 · Postgresql +10

Name of the Vulnerable Software and Affected Versions: PostgreSQL affected versions not specified Description: A memory disclosure issue was found in PostgreSQL, allowing remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Thi...