fkie_cve-2023-5869
Vulnerability from fkie_nvd
Published
2023-12-10 18:15
Modified
2024-11-21 08:42
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.
References
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2023:7545Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2023:7579Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2023:7580Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2023:7581Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2023:7616Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2023:7656Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2023:7666Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2023:7667Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2023:7694Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2023:7695Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2023:7714Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2023:7770Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2023:7771Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2023:7772Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2023:7778Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2023:7783Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2023:7784
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2023:7785
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2023:7786
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2023:7788
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2023:7789
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2023:7790
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2023:7878
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2023:7883
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2023:7884
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2023:7885
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:0304
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:0332
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2024:0337
secalert@redhat.comhttps://access.redhat.com/security/cve/CVE-2023-5869Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=2247169Issue Tracking
secalert@redhat.comhttps://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/Release Notes
secalert@redhat.comhttps://www.postgresql.org/support/security/CVE-2023-5869/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2023:7545Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2023:7579Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2023:7580Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2023:7581Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2023:7616Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2023:7656Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2023:7666Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2023:7667Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2023:7694Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2023:7695Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2023:7714Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2023:7770Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2023:7771Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2023:7772Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2023:7778Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2023:7783Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2023:7784
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2023:7785
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2023:7786
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2023:7788
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2023:7789
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2023:7790
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2023:7878
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2023:7883
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2023:7884
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2023:7885
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:0304
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:0332
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2024:0337
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/security/cve/CVE-2023-5869Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=2247169Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20240119-0003/
af854a3a-2127-422b-91ae-364da2661108https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/Release Notes
af854a3a-2127-422b-91ae-364da2661108https://www.postgresql.org/support/security/CVE-2023-5869/Vendor Advisory
Impacted products
Vendor Product Version
postgresql postgresql *
postgresql postgresql *
postgresql postgresql *
postgresql postgresql *
postgresql postgresql *
postgresql postgresql 16.0
redhat codeready_linux_builder_eus 9.2
redhat codeready_linux_builder_eus_for_power_little_endian_eus 9.0_ppc64le
redhat codeready_linux_builder_eus_for_power_little_endian_eus 9.2_ppc64le
redhat codeready_linux_builder_for_arm64_eus 8.6_aarch64
redhat codeready_linux_builder_for_arm64_eus 9.0_aarch64
redhat codeready_linux_builder_for_arm64_eus 9.2_aarch64
redhat codeready_linux_builder_for_ibm_z_systems_eus 9.0_s390x
redhat codeready_linux_builder_for_ibm_z_systems_eus 9.2_s390x
redhat codeready_linux_builder_for_power_little_endian_eus 9.0_ppc64le
redhat codeready_linux_builder_for_power_little_endian_eus 9.2_ppc64le
redhat software_collections 1.0
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 8.6
redhat enterprise_linux_eus 8.8
redhat enterprise_linux_eus 9.0
redhat enterprise_linux_eus 9.2
redhat enterprise_linux_for_arm_64 8.0
redhat enterprise_linux_for_arm_64 8.8_aarch64
redhat enterprise_linux_for_ibm_z_systems 7.0_s390x
redhat enterprise_linux_for_ibm_z_systems 8.0_s390x
redhat enterprise_linux_for_ibm_z_systems_eus 8.6_s390x
redhat enterprise_linux_for_ibm_z_systems_eus 8.8_s390x
redhat enterprise_linux_for_ibm_z_systems_eus 9.0_s390x
redhat enterprise_linux_for_ibm_z_systems_eus 9.2_s390x
redhat enterprise_linux_for_power_big_endian 7.0_ppc64
redhat enterprise_linux_for_power_little_endian 7.0_ppc64le
redhat enterprise_linux_for_power_little_endian 8.0_ppc64le
redhat enterprise_linux_for_power_little_endian_eus 8.6_ppc64le
redhat enterprise_linux_for_power_little_endian_eus 8.8_ppc64le
redhat enterprise_linux_for_power_little_endian_eus 9.0_ppc64le
redhat enterprise_linux_for_power_little_endian_eus 9.2_ppc64le
redhat enterprise_linux_for_scientific_computing 7.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 8.2
redhat enterprise_linux_server_aus 8.4
redhat enterprise_linux_server_aus 8.6
redhat enterprise_linux_server_aus 9.2
redhat enterprise_linux_server_tus 8.2
redhat enterprise_linux_server_tus 8.4
redhat enterprise_linux_server_tus 8.6
redhat enterprise_linux_workstation 7.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D407A29-CAB0-425B-87B6-F2487FAE6B71",
              "versionEndExcluding": "11.22",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "13B24306-F52A-47E4-A7E4-EA7E46F850EF",
              "versionEndExcluding": "12.17",
              "versionStartIncluding": "12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA77ED73-60C6-4666-9355-7C28CD774001",
              "versionEndExcluding": "13.13",
              "versionStartIncluding": "13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F2D30CB-C04F-4B6A-8E82-7DDC98B10D21",
              "versionEndExcluding": "14.10",
              "versionStartIncluding": "14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8883865-D864-497D-B39C-90D3ACC6A932",
              "versionEndExcluding": "15.5",
              "versionStartIncluding": "15.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:postgresql:postgresql:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "654E69F1-844B-4E32-9C3D-FA8032FB3A61",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "936B046D-ADEB-4701-8957-AC28CFA9C5C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "56CE19E2-F92D-4C36-9319-E6CD4766D0D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "056DABF5-0C1D-4EBA-B02B-443BACB20D6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:*:*:*:*:*:*:*",
              "matchCriteriaId": "02F08DBD-4BD0-408D-B817-04B2EB82137E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.0_aarch64:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDE46FD5-B415-49B7-BF2D-E76D068C3920",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*",
              "matchCriteriaId": "09AAD850-019A-46B8-A5A1-845DE048D30A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E39B04-D3E5-4106-8A8F-0C496FF9997F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "86034E5B-BCDD-4AFD-A460-38E790F608F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F6967B4-C62B-4252-B5C3-50532B9EA3FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2ED1251-245C-4390-8964-DDCAD54A8957",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D7EE4B6-A6EC-4B9B-91DF-79615796673F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "62C31522-0A17-4025-B269-855C7F4B45C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DDA3E5A-8754-4C48-9A27-E2415F8A6000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F797F2E-00E6-4D03-A94E-524227529A0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7F8A347-0ACE-40E4-BF7B-656D66DDB425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "2148300C-ECBD-4ED5-A164-79629859DD43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "32AF225E-94C0-4D07-900C-DD868C05F554",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "B758EDC9-6421-422C-899E-A273D2936D8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "22C65F53-D624-48A9-A9B7-4C78A31E19F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CC06C2A-64A5-4302-B754-A4DC0E12FE7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*",
              "matchCriteriaId": "26041661-0280-4544-AA0A-BC28FCED4699",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BCF87FD-9358-42A5-9917-25DF0180A5A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A584AAA-A14F-4C64-8FED-675DC36F69A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "23D471AC-7DCA-4425-AD91-E5D928753A8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9C30C59-07F7-4CCE-B057-052ECCD36DB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "F91F9255-4EE1-43C7-8831-D2B6C228BFD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "62D3FD78-5B63-4A1B-B4EE-9B098844691E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*",
              "matchCriteriaId": "99952557-C766-4B9E-8BF5-DBBA194349FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "37CE1DC7-72C5-483C-8921-0B462C8284D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F32CA554-F9D7-425B-8F1C-89678507F28C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server\u0027s memory."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 una falla en PostgreSQL que permite a los usuarios de bases de datos autenticados ejecutar c\u00f3digo arbitrario al faltar verificaciones de desbordamiento durante la modificaci\u00f3n del valor de la matriz SQL. Este problema existe debido a un desbordamiento de enteros durante la modificaci\u00f3n de la matriz, donde un usuario remoto puede desencadenar el desbordamiento proporcionando datos especialmente manipulados. Esto permite la ejecuci\u00f3n de c\u00f3digo arbitrario en el sistema de destino, lo que permite a los usuarios escribir bytes arbitrarios en la memoria y leer ampliamente la memoria del servidor."
    }
  ],
  "id": "CVE-2023-5869",
  "lastModified": "2024-11-21T08:42:40.427",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-12-10T18:15:07.410",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:7545"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:7579"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:7580"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:7581"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:7616"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:7656"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:7666"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:7667"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:7694"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:7695"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:7714"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:7770"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:7771"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:7772"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:7778"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:7783"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2023:7784"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2023:7785"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2023:7786"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2023:7788"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2023:7789"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2023:7790"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2023:7878"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2023:7883"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2023:7884"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2023:7885"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:0304"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:0332"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://access.redhat.com/errata/RHSA-2024:0337"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2023-5869"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247169"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.postgresql.org/support/security/CVE-2023-5869/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:7545"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:7579"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:7580"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:7581"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:7616"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:7656"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:7666"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:7667"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:7694"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:7695"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:7714"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:7770"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:7771"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:7772"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:7778"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2023:7783"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2023:7784"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2023:7785"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2023:7786"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2023:7788"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2023:7789"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2023:7790"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2023:7878"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2023:7883"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2023:7884"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2023:7885"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:0304"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:0332"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://access.redhat.com/errata/RHSA-2024:0337"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/cve/CVE-2023-5869"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247169"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20240119-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.postgresql.org/support/security/CVE-2023-5869/"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.