4.3
CVE-2023-5868
- EPSS 2.72%
- Veröffentlicht 10.12.2023 18:15:07
- Zuletzt bearbeitet 21.11.2024 08:42:40
- Quelle secalert@redhat.com
- Teams Watchlist Login
- Unerledigt Login
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Postgresql ≫ Postgresql Version >= 11.0 < 11.22
Postgresql ≫ Postgresql Version >= 12.0 < 12.17
Postgresql ≫ Postgresql Version >= 13.0 < 13.13
Postgresql ≫ Postgresql Version >= 14.0 < 14.10
Postgresql ≫ Postgresql Version >= 15.0 < 15.5
Postgresql ≫ Postgresql Version16.0
Redhat ≫ Codeready Linux Builder Eus Version9.2
Redhat ≫ Codeready Linux Builder Eus For Power Little Endian Eus Version9.0_ppc64le
Redhat ≫ Codeready Linux Builder Eus For Power Little Endian Eus Version9.2_ppc64le
Redhat ≫ Codeready Linux Builder For Arm64 Eus Version8.6_aarch64
Redhat ≫ Codeready Linux Builder For Arm64 Eus Version9.0_aarch64
Redhat ≫ Codeready Linux Builder For Arm64 Eus Version9.2_aarch64
Redhat ≫ Codeready Linux Builder For Ibm Z Systems Eus Version9.0_s390x
Redhat ≫ Codeready Linux Builder For Ibm Z Systems Eus Version9.2_s390x
Redhat ≫ Codeready Linux Builder For Power Little Endian Eus Version9.0_ppc64le
Redhat ≫ Codeready Linux Builder For Power Little Endian Eus Version9.2_ppc64le
Redhat ≫ Software Collections Version1.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
Redhat ≫ Enterprise Linux Eus Version8.6
Redhat ≫ Enterprise Linux Eus Version8.8
Redhat ≫ Enterprise Linux Eus Version9.0
Redhat ≫ Enterprise Linux Eus Version9.2
Redhat ≫ Enterprise Linux For Arm 64 Version8.0
Redhat ≫ Enterprise Linux For Arm 64 Version8.8_aarch64
Redhat ≫ Enterprise Linux For Ibm Z Systems Version8.0_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.6_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.8_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version9.0_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version9.2_s390x
Redhat ≫ Enterprise Linux For Power Little Endian Version8.0_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.6_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.8_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version9.0_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version9.2_ppc64le
Redhat ≫ Enterprise Linux Server Aus Version8.2
Redhat ≫ Enterprise Linux Server Aus Version8.4
Redhat ≫ Enterprise Linux Server Aus Version8.6
Redhat ≫ Enterprise Linux Server Aus Version9.2
Redhat ≫ Enterprise Linux Server Tus Version8.2
Redhat ≫ Enterprise Linux Server Tus Version8.4
Redhat ≫ Enterprise Linux Server Tus Version8.6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.72% | 0.854 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| secalert@redhat.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-686 Function Call With Incorrect Argument Type
The product calls a function, procedure, or routine, but the caller specifies an argument that is the wrong data type, which may lead to resultant weaknesses.