CVE-2023-5869

EPSS 1.61%
Published 10.12.2023 18:15:07
Last modified 21.11.2024 08:42:40
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.

Affected products Warnungen 0 Metrics 3 CWE 1 References 37

Data is provided by the National Vulnerability Database (NVD)

Postgresql ≫ Postgresql Version >= 11.0 < 11.22

Postgresql ≫ Postgresql Version >= 12.0 < 12.17

Postgresql ≫ Postgresql Version >= 13.0 < 13.13

Postgresql ≫ Postgresql Version >= 14.0 < 14.10

Postgresql ≫ Postgresql Version >= 15.0 < 15.5

Postgresql ≫ Postgresql Version16.0

Redhat ≫ Codeready Linux Builder Eus Version9.2

Redhat ≫ Codeready Linux Builder Eus For Power Little Endian Eus Version9.0_ppc64le

Redhat ≫ Codeready Linux Builder Eus For Power Little Endian Eus Version9.2_ppc64le

Redhat ≫ Codeready Linux Builder For Arm64 Eus Version8.6_aarch64

Redhat ≫ Codeready Linux Builder For Arm64 Eus Version9.0_aarch64

Redhat ≫ Codeready Linux Builder For Arm64 Eus Version9.2_aarch64

Redhat ≫ Codeready Linux Builder For Ibm Z Systems Eus Version9.0_s390x

Redhat ≫ Codeready Linux Builder For Ibm Z Systems Eus Version9.2_s390x

Redhat ≫ Codeready Linux Builder For Power Little Endian Eus Version9.0_ppc64le

Redhat ≫ Codeready Linux Builder For Power Little Endian Eus Version9.2_ppc64le

Redhat ≫ Software Collections Version1.0

Redhat ≫ Enterprise Linux Version8.0

Redhat ≫ Enterprise Linux Version9.0

Redhat ≫ Enterprise Linux Desktop Version7.0

Redhat ≫ Enterprise Linux Eus Version8.6

Redhat ≫ Enterprise Linux Eus Version8.8

Redhat ≫ Enterprise Linux Eus Version9.0

Redhat ≫ Enterprise Linux Eus Version9.2

Redhat ≫ Enterprise Linux For Arm 64 Version8.0

Redhat ≫ Enterprise Linux For Arm 64 Version8.8_aarch64

Redhat ≫ Enterprise Linux For Ibm Z Systems Version7.0_s390x

Redhat ≫ Enterprise Linux For Ibm Z Systems Version8.0_s390x

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.6_s390x

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.8_s390x

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version9.0_s390x

Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version9.2_s390x

Redhat ≫ Enterprise Linux For Power Big Endian Version7.0_ppc64

Redhat ≫ Enterprise Linux For Power Little Endian Version7.0_ppc64le

Redhat ≫ Enterprise Linux For Power Little Endian Version8.0_ppc64le

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.6_ppc64le

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.8_ppc64le

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version9.0_ppc64le

Redhat ≫ Enterprise Linux For Power Little Endian Eus Version9.2_ppc64le

Redhat ≫ Enterprise Linux For Scientific Computing Version7.0

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Server Aus Version8.2

Redhat ≫ Enterprise Linux Server Aus Version8.4

Redhat ≫ Enterprise Linux Server Aus Version8.6

Redhat ≫ Enterprise Linux Server Aus Version9.2

Redhat ≫ Enterprise Linux Server Tus Version8.2

Redhat ≫ Enterprise Linux Server Tus Version8.4

Redhat ≫ Enterprise Linux Server Tus Version8.6

Redhat ≫ Enterprise Linux Workstation Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.61%	0.811

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
secalert@redhat.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://access.redhat.com/errata/RHSA-2023:7545

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7579

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7580

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7581

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7616

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7656

Third Party Advisory