CVE-2023-5868

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-5868
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.

4.3 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/errata/RHSA-2023:7545 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7579 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7580 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7581 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7616 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7656 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7666 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7667 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7694 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7695 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7714 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7770 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7772 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7784
https://access.redhat.com/errata/RHSA-2023:7785
https://access.redhat.com/errata/RHSA-2023:7883
https://access.redhat.com/errata/RHSA-2023:7884
https://access.redhat.com/errata/RHSA-2023:7885
https://access.redhat.com/errata/RHSA-2024:0304
https://access.redhat.com/errata/RHSA-2024:0332
https://access.redhat.com/errata/RHSA-2024:0337
https://access.redhat.com/security/cve/CVE-2023-5868 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2247168 Issue Tracking
https://security.netapp.com/advisory/ntap-20240119-0003/
https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/ Release Notes
https://www.postgresql.org/support/security/CVE-2023-5868/ Mitigation Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:16.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
History

25 Jan 2024, 09:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0337 -

22 Jan 2024, 21:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0332 -

19 Jan 2024, 16:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240119-0003/ -

19 Jan 2024, 03:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0304 -

20 Dec 2023, 15:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2023:7883 -
  • () https://access.redhat.com/errata/RHSA-2023:7884 -
  • () https://access.redhat.com/errata/RHSA-2023:7885 -

13 Dec 2023, 22:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2023:7784 -
  • () https://access.redhat.com/errata/RHSA-2023:7785 -

13 Dec 2023, 19:56

Type Values Removed Values Added
First Time Redhat enterprise Linux
Redhat codeready Linux Builder For Arm64 Eus
Redhat enterprise Linux For Ibm Z Systems
Redhat codeready Linux Builder For Power Little Endian Eus
Redhat enterprise Linux Server Tus
Redhat software Collections
Redhat codeready Linux Builder For Ibm Z Systems Eus
Redhat enterprise Linux For Power Little Endian Eus
Postgresql postgresql
Redhat enterprise Linux Server Aus
Redhat enterprise Linux Eus
Redhat enterprise Linux For Arm 64
Redhat
Redhat enterprise Linux For Ibm Z Systems Eus
Redhat codeready Linux Builder Eus
Redhat enterprise Linux For Power Little Endian
Postgresql
Redhat codeready Linux Builder Eus For Power Little Endian Eus
CPE cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:16.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*
CWE NVD-CWE-noinfo
References () https://access.redhat.com/errata/RHSA-2023:7545 - () https://access.redhat.com/errata/RHSA-2023:7545 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7579 - () https://access.redhat.com/errata/RHSA-2023:7579 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7580 - () https://access.redhat.com/errata/RHSA-2023:7580 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7581 - () https://access.redhat.com/errata/RHSA-2023:7581 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7616 - () https://access.redhat.com/errata/RHSA-2023:7616 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7656 - () https://access.redhat.com/errata/RHSA-2023:7656 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7666 - () https://access.redhat.com/errata/RHSA-2023:7666 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7667 - () https://access.redhat.com/errata/RHSA-2023:7667 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7694 - () https://access.redhat.com/errata/RHSA-2023:7694 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7695 - () https://access.redhat.com/errata/RHSA-2023:7695 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7714 - () https://access.redhat.com/errata/RHSA-2023:7714 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7770 - () https://access.redhat.com/errata/RHSA-2023:7770 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7772 - () https://access.redhat.com/errata/RHSA-2023:7772 - Third Party Advisory
References () https://access.redhat.com/security/cve/CVE-2023-5868 - () https://access.redhat.com/security/cve/CVE-2023-5868 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2247168 - () https://bugzilla.redhat.com/show_bug.cgi?id=2247168 - Issue Tracking
References () https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/ - () https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/ - Release Notes
References () https://www.postgresql.org/support/security/CVE-2023-5868/ - () https://www.postgresql.org/support/security/CVE-2023-5868/ - Mitigation, Vendor Advisory

13 Dec 2023, 10:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2023:7770 -
  • () https://access.redhat.com/errata/RHSA-2023:7772 -

11 Dec 2023, 16:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2023:7714 -

11 Dec 2023, 12:20

Type Values Removed Values Added
Summary
  • (es) Se encontró una vulnerabilidad de divulgación de memoria en PostgreSQL que permite a usuarios remotos acceder a información confidencial explotando ciertas llamadas a funciones agregadas con argumentos de tipo "desconocido". El manejo de valores de tipo "desconocido" de cadenas literales sin designación de tipo puede revelar bytes, lo que potencialmente revela información importante y confidencial. Este problema existe debido a una salida excesiva de datos en llamadas a funciones agregadas, lo que permite a los usuarios remotos leer una parte de la memoria del sistema.

10 Dec 2023, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-12-10 18:15

Updated : 2024-01-25 09:15

NVD link : CVE-2023-5868

Mitre link : CVE-2023-5868

CVE.ORG link : CVE-2023-5868

JSON object : View

Products Affected

redhat

  • codeready_linux_builder_eus
  • codeready_linux_builder_for_ibm_z_systems_eus
  • enterprise_linux
  • codeready_linux_builder_for_arm64_eus
  • enterprise_linux_for_ibm_z_systems
  • enterprise_linux_for_power_little_endian
  • enterprise_linux_server_tus
  • enterprise_linux_for_ibm_z_systems_eus
  • codeready_linux_builder_for_power_little_endian_eus
  • enterprise_linux_for_power_little_endian_eus
  • enterprise_linux_server_aus
  • codeready_linux_builder_eus_for_power_little_endian_eus
  • enterprise_linux_eus
  • software_collections
  • enterprise_linux_for_arm_64

postgresql

  • postgresql
CWE
NVD-CWE-noinfo CWE-686

Function Call With Incorrect Argument Type