cbcvebase.
CVE-2023-5868
published 2023-12-10

Medium 4.3 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.

Affected

45 ranges, showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | postgresql-13 | < postgresql-13 13.13-0+deb11u1 (bullseye) | postgresql-13 13.13-0+deb11u1 (bullseye) |
| debian | postgresql-15 | < postgresql-13 13.13-0+deb11u1 (bullseye) | postgresql-13 13.13-0+deb11u1 (bullseye) |
| msrc | cbl2_postgresql_14.10-1_on_cbl_mariner_2.0 | | |
| postgresql | postgresql | | |
| postgresql | postgresql | >= 11.0 < 11.22 | 11.22 |
| postgresql | postgresql | >= 12.0 < 12.17 | 12.17 |
| postgresql | postgresql | >= 13.0 < 13.13 | 13.13 |
| postgresql | postgresql | >= 14.0 < 14.10 | 14.10 |
| postgresql | postgresql | >= 15.0 < 15.5 | 15.5 |
| redhat | codeready_linux_builder_eus | | |
| redhat | codeready_linux_builder_eus_for_power_little_endian_eus | | |
| redhat | codeready_linux_builder_eus_for_power_little_endian_eus | | |
| redhat | codeready_linux_builder_for_arm64_eus | | |
| redhat | codeready_linux_builder_for_arm64_eus | | |
| redhat | codeready_linux_builder_for_arm64_eus | | |
| redhat | codeready_linux_builder_for_ibm_z_systems_eus | | |
| redhat | codeready_linux_builder_for_ibm_z_systems_eus | | |
| redhat | codeready_linux_builder_for_power_little_endian_eus | | |
| redhat | codeready_linux_builder_for_power_little_endian_eus | | |
| redhat | enterprise_linux | | |
| redhat | enterprise_linux | | |
| redhat | enterprise_linux_eus | | |
| redhat | enterprise_linux_eus | | |
| redhat | enterprise_linux_eus | | |
| redhat | enterprise_linux_eus | | |

CVSS provenance

nvd: v3.1, 4.3 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
osv: 4.3 MEDIUM