8.8
CVE-2023-5869
- EPSS 4.32%
- Veröffentlicht 10.12.2023 18:15:07
- Zuletzt bearbeitet 04.11.2025 20:17:13
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Postgresql: buffer overrun from integer overflow in array modification
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Postgresql ≫ Postgresql Version >= 11.0 < 11.22
Postgresql ≫ Postgresql Version >= 12.0 < 12.17
Postgresql ≫ Postgresql Version >= 13.0 < 13.13
Postgresql ≫ Postgresql Version >= 14.0 < 14.10
Postgresql ≫ Postgresql Version >= 15.0 < 15.5
Postgresql ≫ Postgresql Version16.0
Redhat ≫ Codeready Linux Builder Eus Version9.2
Redhat ≫ Codeready Linux Builder Eus For Power Little Endian Eus Version9.0_ppc64le
Redhat ≫ Codeready Linux Builder Eus For Power Little Endian Eus Version9.2_ppc64le
Redhat ≫ Codeready Linux Builder For Arm64 Eus Version8.6_aarch64
Redhat ≫ Codeready Linux Builder For Arm64 Eus Version9.0_aarch64
Redhat ≫ Codeready Linux Builder For Arm64 Eus Version9.2_aarch64
Redhat ≫ Codeready Linux Builder For Ibm Z Systems Eus Version9.0_s390x
Redhat ≫ Codeready Linux Builder For Ibm Z Systems Eus Version9.2_s390x
Redhat ≫ Codeready Linux Builder For Power Little Endian Eus Version9.0_ppc64le
Redhat ≫ Codeready Linux Builder For Power Little Endian Eus Version9.2_ppc64le
Redhat ≫ Software Collections Version1.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
Redhat ≫ Enterprise Linux Desktop Version7.0
Redhat ≫ Enterprise Linux Eus Version8.6
Redhat ≫ Enterprise Linux Eus Version8.8
Redhat ≫ Enterprise Linux Eus Version9.0
Redhat ≫ Enterprise Linux Eus Version9.2
Redhat ≫ Enterprise Linux For Arm 64 Version8.0
Redhat ≫ Enterprise Linux For Arm 64 Version8.8_aarch64
Redhat ≫ Enterprise Linux For Ibm Z Systems Version7.0_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Version8.0_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.6_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.8_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version9.0_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version9.2_s390x
Redhat ≫ Enterprise Linux For Power Big Endian Version7.0_ppc64
Redhat ≫ Enterprise Linux For Power Little Endian Version7.0_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Version8.0_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.6_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.8_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version9.0_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version9.2_ppc64le
Redhat ≫ Enterprise Linux For Scientific Computing Version7.0
Redhat ≫ Enterprise Linux Server Version7.0
Redhat ≫ Enterprise Linux Server Aus Version8.2
Redhat ≫ Enterprise Linux Server Aus Version8.4
Redhat ≫ Enterprise Linux Server Aus Version8.6
Redhat ≫ Enterprise Linux Server Aus Version9.2
Redhat ≫ Enterprise Linux Server Tus Version8.2
Redhat ≫ Enterprise Linux Server Tus Version8.4
Redhat ≫ Enterprise Linux Server Tus Version8.6
Redhat ≫ Enterprise Linux Workstation Version7.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 4.32% | 0.899 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| secalert@redhat.com | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-190 Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
https://access.redhat.com/errata/RHSA-2023:7545
https://access.redhat.com/errata/RHSA-2023:7579
https://access.redhat.com/errata/RHSA-2023:7580
https://access.redhat.com/errata/RHSA-2023:7581
https://access.redhat.com/errata/RHSA-2023:7616
https://access.redhat.com/errata/RHSA-2023:7656
https://access.redhat.com/errata/RHSA-2023:7666
https://access.redhat.com/errata/RHSA-2023:7667
https://access.redhat.com/errata/RHSA-2023:7694
https://access.redhat.com/errata/RHSA-2023:7695
https://access.redhat.com/errata/RHSA-2023:7714
https://access.redhat.com/errata/RHSA-2023:7770
https://access.redhat.com/errata/RHSA-2023:7772
https://access.redhat.com/errata/RHSA-2023:7784
https://access.redhat.com/errata/RHSA-2023:7785
https://access.redhat.com/errata/RHSA-2023:7883
https://access.redhat.com/errata/RHSA-2023:7884
https://access.redhat.com/errata/RHSA-2023:7885
https://access.redhat.com/errata/RHSA-2024:0304
https://access.redhat.com/errata/RHSA-2024:0332
https://access.redhat.com/errata/RHSA-2024:0337
https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
https://security.netapp.com/advisory/ntap-20240119-0003/
https://access.redhat.com/errata/RHSA-2023:7771
https://access.redhat.com/errata/RHSA-2023:7778
https://access.redhat.com/errata/RHSA-2023:7783
https://access.redhat.com/errata/RHSA-2023:7786
https://access.redhat.com/errata/RHSA-2023:7788
https://access.redhat.com/errata/RHSA-2023:7789
https://access.redhat.com/errata/RHSA-2023:7790
https://access.redhat.com/errata/RHSA-2023:7878
https://access.redhat.com/security/cve/CVE-2023-5869
https://bugzilla.redhat.com/show_bug.cgi?id=2247169
https://www.postgresql.org/support/security/CVE-2023-5869/
https://lists.debian.org/debian-lts-announce/2023/11/msg00007.html