CVE-2023-5869
Severity
8.8HIGH
EPSS
1.6%
top 18.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 10
Latest updateJan 17
Description
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9
Affected Packages12 packages
Also affects: Enterprise Linux 8.0, 9.0, 8.6, 8.8, 9.2, 7.0, 7.0_ppc64, 8.2, 8.4
🔴Vulnerability Details
6GHSA▶
GHSA-9625-p7pg-3cxg: A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array val↗2023-12-10
OSV▶
CVE-2023-5869: A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array val↗2023-12-10