CVE-2023-5869

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-5869
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://access.redhat.com/errata/RHSA-2023:7545 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7579 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7580 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7581 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7616 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7656 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7666 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7667 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7694 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7695 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7714 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7770 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7771 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7772 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7778 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7783 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7784
https://access.redhat.com/errata/RHSA-2023:7785
https://access.redhat.com/errata/RHSA-2023:7786
https://access.redhat.com/errata/RHSA-2023:7788
https://access.redhat.com/errata/RHSA-2023:7789
https://access.redhat.com/errata/RHSA-2023:7790
https://access.redhat.com/errata/RHSA-2023:7878
https://access.redhat.com/errata/RHSA-2023:7883
https://access.redhat.com/errata/RHSA-2023:7884
https://access.redhat.com/errata/RHSA-2023:7885
https://access.redhat.com/errata/RHSA-2024:0304
https://access.redhat.com/errata/RHSA-2024:0332
https://access.redhat.com/errata/RHSA-2024:0337
https://access.redhat.com/security/cve/CVE-2023-5869 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2247169 Issue Tracking
https://security.netapp.com/advisory/ntap-20240119-0003/
https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/ Release Notes
https://www.postgresql.org/support/security/CVE-2023-5869/ Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:16.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
History

25 Jan 2024, 09:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0337 -

22 Jan 2024, 21:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0332 -

19 Jan 2024, 16:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240119-0003/ -

19 Jan 2024, 03:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0304 -

20 Dec 2023, 15:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2023:7883 -
  • () https://access.redhat.com/errata/RHSA-2023:7884 -
  • () https://access.redhat.com/errata/RHSA-2023:7885 -

19 Dec 2023, 10:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2023:7878 -

19 Dec 2023, 06:15

Type Values Removed Values Added
CWE CWE-119

13 Dec 2023, 22:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2023:7784 -
  • () https://access.redhat.com/errata/RHSA-2023:7785 -
  • () https://access.redhat.com/errata/RHSA-2023:7786 -
  • () https://access.redhat.com/errata/RHSA-2023:7788 -
  • () https://access.redhat.com/errata/RHSA-2023:7789 -
  • () https://access.redhat.com/errata/RHSA-2023:7790 -

13 Dec 2023, 21:32

Type Values Removed Values Added
First Time Redhat enterprise Linux
Redhat codeready Linux Builder For Power Little Endian Eus
Redhat enterprise Linux For Ibm Z Systems
Redhat codeready Linux Builder For Arm64 Eus
Redhat enterprise Linux Desktop
Redhat enterprise Linux Server Tus
Redhat software Collections
Redhat codeready Linux Builder For Ibm Z Systems Eus
Redhat enterprise Linux For Power Little Endian Eus
Postgresql postgresql
Redhat enterprise Linux Server Aus
Redhat enterprise Linux For Power Big Endian
Redhat enterprise Linux Eus
Redhat enterprise Linux For Arm 64
Redhat enterprise Linux Server
Redhat enterprise Linux For Scientific Computing
Redhat
Redhat codeready Linux Builder Eus
Redhat enterprise Linux For Ibm Z Systems Eus
Redhat enterprise Linux For Power Little Endian
Postgresql
Redhat codeready Linux Builder Eus For Power Little Endian Eus
Redhat enterprise Linux Workstation
References () https://access.redhat.com/errata/RHSA-2023:7545 - () https://access.redhat.com/errata/RHSA-2023:7545 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7579 - () https://access.redhat.com/errata/RHSA-2023:7579 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7580 - () https://access.redhat.com/errata/RHSA-2023:7580 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7581 - () https://access.redhat.com/errata/RHSA-2023:7581 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7616 - () https://access.redhat.com/errata/RHSA-2023:7616 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7656 - () https://access.redhat.com/errata/RHSA-2023:7656 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7666 - () https://access.redhat.com/errata/RHSA-2023:7666 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7667 - () https://access.redhat.com/errata/RHSA-2023:7667 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7694 - () https://access.redhat.com/errata/RHSA-2023:7694 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7695 - () https://access.redhat.com/errata/RHSA-2023:7695 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7714 - () https://access.redhat.com/errata/RHSA-2023:7714 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7770 - () https://access.redhat.com/errata/RHSA-2023:7770 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7771 - () https://access.redhat.com/errata/RHSA-2023:7771 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7772 - () https://access.redhat.com/errata/RHSA-2023:7772 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7778 - () https://access.redhat.com/errata/RHSA-2023:7778 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7783 - () https://access.redhat.com/errata/RHSA-2023:7783 - Third Party Advisory
References () https://access.redhat.com/security/cve/CVE-2023-5869 - () https://access.redhat.com/security/cve/CVE-2023-5869 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2247169 - () https://bugzilla.redhat.com/show_bug.cgi?id=2247169 - Issue Tracking
References () https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/ - () https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/ - Release Notes
References () https://www.postgresql.org/support/security/CVE-2023-5869/ - () https://www.postgresql.org/support/security/CVE-2023-5869/ - Vendor Advisory
CWE CWE-190
CPE cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:16.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*

13 Dec 2023, 16:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2023:7778 -
  • () https://access.redhat.com/errata/RHSA-2023:7783 -

13 Dec 2023, 10:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2023:7770 -
  • () https://access.redhat.com/errata/RHSA-2023:7771 -
  • () https://access.redhat.com/errata/RHSA-2023:7772 -

11 Dec 2023, 16:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2023:7714 -

11 Dec 2023, 12:20

Type Values Removed Values Added
Summary
  • (es) Se encontró una falla en PostgreSQL que permite a los usuarios de bases de datos autenticados ejecutar código arbitrario al faltar verificaciones de desbordamiento durante la modificación del valor de la matriz SQL. Este problema existe debido a un desbordamiento de enteros durante la modificación de la matriz, donde un usuario remoto puede desencadenar el desbordamiento proporcionando datos especialmente manipulados. Esto permite la ejecución de código arbitrario en el sistema de destino, lo que permite a los usuarios escribir bytes arbitrarios en la memoria y leer ampliamente la memoria del servidor.

10 Dec 2023, 18:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-12-10 18:15

Updated : 2024-01-25 09:15

NVD link : CVE-2023-5869

Mitre link : CVE-2023-5869

CVE.ORG link : CVE-2023-5869

JSON object : View

Products Affected

postgresql

  • postgresql

redhat

  • codeready_linux_builder_eus
  • enterprise_linux_for_power_big_endian
  • codeready_linux_builder_eus_for_power_little_endian_eus
  • enterprise_linux_for_power_little_endian
  • enterprise_linux
  • enterprise_linux_server_aus
  • enterprise_linux_server
  • enterprise_linux_for_ibm_z_systems_eus
  • enterprise_linux_for_arm_64
  • codeready_linux_builder_for_arm64_eus
  • enterprise_linux_for_ibm_z_systems
  • enterprise_linux_for_power_little_endian_eus
  • enterprise_linux_desktop
  • codeready_linux_builder_for_power_little_endian_eus
  • enterprise_linux_eus
  • software_collections
  • codeready_linux_builder_for_ibm_z_systems_eus
  • enterprise_linux_server_tus
  • enterprise_linux_workstation
  • enterprise_linux_for_scientific_computing
CWE
CWE-190

Integer Overflow or Wraparound