4.3
CVE-2023-5868
- EPSS 2.72%
- Published 10.12.2023 18:15:07
- Last modified 21.11.2024 08:42:40
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.
Data is provided by the National Vulnerability Database (NVD)
Postgresql ≫ Postgresql Version >= 11.0 < 11.22
Postgresql ≫ Postgresql Version >= 12.0 < 12.17
Postgresql ≫ Postgresql Version >= 13.0 < 13.13
Postgresql ≫ Postgresql Version >= 14.0 < 14.10
Postgresql ≫ Postgresql Version >= 15.0 < 15.5
Postgresql ≫ Postgresql Version16.0
Redhat ≫ Codeready Linux Builder Eus Version9.2
Redhat ≫ Codeready Linux Builder Eus For Power Little Endian Eus Version9.0_ppc64le
Redhat ≫ Codeready Linux Builder Eus For Power Little Endian Eus Version9.2_ppc64le
Redhat ≫ Codeready Linux Builder For Arm64 Eus Version8.6_aarch64
Redhat ≫ Codeready Linux Builder For Arm64 Eus Version9.0_aarch64
Redhat ≫ Codeready Linux Builder For Arm64 Eus Version9.2_aarch64
Redhat ≫ Codeready Linux Builder For Ibm Z Systems Eus Version9.0_s390x
Redhat ≫ Codeready Linux Builder For Ibm Z Systems Eus Version9.2_s390x
Redhat ≫ Codeready Linux Builder For Power Little Endian Eus Version9.0_ppc64le
Redhat ≫ Codeready Linux Builder For Power Little Endian Eus Version9.2_ppc64le
Redhat ≫ Software Collections Version1.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
Redhat ≫ Enterprise Linux Eus Version8.6
Redhat ≫ Enterprise Linux Eus Version8.8
Redhat ≫ Enterprise Linux Eus Version9.0
Redhat ≫ Enterprise Linux Eus Version9.2
Redhat ≫ Enterprise Linux For Arm 64 Version8.0
Redhat ≫ Enterprise Linux For Arm 64 Version8.8_aarch64
Redhat ≫ Enterprise Linux For Ibm Z Systems Version8.0_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.6_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.8_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version9.0_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version9.2_s390x
Redhat ≫ Enterprise Linux For Power Little Endian Version8.0_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.6_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.8_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version9.0_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version9.2_ppc64le
Redhat ≫ Enterprise Linux Server Aus Version8.2
Redhat ≫ Enterprise Linux Server Aus Version8.4
Redhat ≫ Enterprise Linux Server Aus Version8.6
Redhat ≫ Enterprise Linux Server Aus Version9.2
Redhat ≫ Enterprise Linux Server Tus Version8.2
Redhat ≫ Enterprise Linux Server Tus Version8.4
Redhat ≫ Enterprise Linux Server Tus Version8.6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.72% | 0.854 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| secalert@redhat.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-686 Function Call With Incorrect Argument Type
The product calls a function, procedure, or routine, but the caller specifies an argument that is the wrong data type, which may lead to resultant weaknesses.