4.3

CVE-2023-5868

Postgresql: memory disclosure in aggregate function calls

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PostgresqlPostgresql Version >= 11.0 < 11.22
PostgresqlPostgresql Version >= 12.0 < 12.17
PostgresqlPostgresql Version >= 13.0 < 13.13
PostgresqlPostgresql Version >= 14.0 < 14.10
PostgresqlPostgresql Version >= 15.0 < 15.5
PostgresqlPostgresql Version16.0
RedhatSoftware Collections Version1.0
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
RedhatEnterprise Linux Eus Version8.6
RedhatEnterprise Linux Eus Version8.8
RedhatEnterprise Linux Eus Version9.0
RedhatEnterprise Linux Eus Version9.2
RedhatEnterprise Linux For Arm 64 Version8.8_aarch64
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.78% 0.845
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
secalert@redhat.com 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CWE-686 Function Call With Incorrect Argument Type

The product calls a function, procedure, or routine, but the caller specifies an argument that is the wrong data type, which may lead to resultant weaknesses.

https://access.redhat.com/errata/RHSA-2023:7545
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7579
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7580
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7581
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7616
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7656
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7666
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7667
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7694
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7695
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7714
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7770
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7772
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7784
https://access.redhat.com/errata/RHSA-2023:7785
https://access.redhat.com/errata/RHSA-2023:7883
https://access.redhat.com/errata/RHSA-2023:7884
https://access.redhat.com/errata/RHSA-2023:7885
https://access.redhat.com/errata/RHSA-2024:0304
https://access.redhat.com/errata/RHSA-2024:0332
https://access.redhat.com/errata/RHSA-2024:0337
https://access.redhat.com/security/cve/CVE-2023-5868
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2247168
Issue Tracking
https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
Release Notes
https://www.postgresql.org/support/security/CVE-2023-5868/
Vendor Advisory
Mitigation
https://security.netapp.com/advisory/ntap-20240119-0003/
https://lists.debian.org/debian-lts-announce/2023/11/msg00007.html