CVSS3
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score confidence: High

EPSS percentile: 86.7%

A flaw was found in PostgreSQL that allows authenticated database users to
execute arbitrary code through missing overflow checks during SQL array
value modification. This issue exists due to an integer overflow during
array modification where a remote user can trigger the overflow by
providing specially crafted data. This enables the execution of arbitrary
code on the target system, allowing users to write arbitrary bytes to
memory and extensively read the server’s memory.
Author | Note |
---|---|
leosilva | PostgreSQL 9.3 is end of life upstream, and no updates are available. Marking as deferred in -esm-main releases. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | postgresql-10 | < 10.23-0ubuntu0.18.04.2+esm1 | UNKNOWN |
ubuntu | 20.04 | noarch | postgresql-12 | < 12.17-0ubuntu0.20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | postgresql-14 | < 14.10-0ubuntu0.22.04.1 | UNKNOWN |
ubuntu | 23.04 | noarch | postgresql-15 | < 15.5-0ubuntu0.23.04.1 | UNKNOWN |
ubuntu | 23.10 | noarch | postgresql-15 | < 15.5-0ubuntu0.23.10.1 | UNKNOWN |
ubuntu | 14.04 | noarch | postgresql-9.3 | < any | UNKNOWN |
ubuntu | 16.04 | noarch | postgresql-9.5 | < 9.5.25-0ubuntu0.16.04.1+esm6 | UNKNOWN |
git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=c48008f599fd0e3bca2923ff5b40b559ae1e4e2e (v11)
launchpad.net/bugs/cve/CVE-2023-5869
nvd.nist.gov/vuln/detail/CVE-2023-5869
security-tracker.debian.org/tracker/CVE-2023-5869
ubuntu.com/security/notices/USN-6538-1
ubuntu.com/security/notices/USN-6538-2
ubuntu.com/security/notices/USN-6570-1
www.cve.org/CVERecord?id=CVE-2023-5869
www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
www.postgresql.org/support/security/CVE-2023-5869/