Vulnerability Details CVE-2023-5868
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.027
EPSS Ranking 85.2%
CVSS Severity
CVSS v3 Score 4.3
References
- https://access.redhat.com/errata/RHSA-2023:7545
- https://access.redhat.com/errata/RHSA-2023:7579
- https://access.redhat.com/errata/RHSA-2023:7580
- https://access.redhat.com/errata/RHSA-2023:7581
- https://access.redhat.com/errata/RHSA-2023:7616
- https://access.redhat.com/errata/RHSA-2023:7656
- https://access.redhat.com/errata/RHSA-2023:7666
- https://access.redhat.com/errata/RHSA-2023:7667
- https://access.redhat.com/errata/RHSA-2023:7694
- https://access.redhat.com/errata/RHSA-2023:7695
- https://access.redhat.com/errata/RHSA-2023:7714
- https://access.redhat.com/errata/RHSA-2023:7770
- https://access.redhat.com/errata/RHSA-2023:7772
- https://access.redhat.com/errata/RHSA-2023:7784
- https://access.redhat.com/errata/RHSA-2023:7785
- https://access.redhat.com/errata/RHSA-2023:7883
- https://access.redhat.com/errata/RHSA-2023:7884
- https://access.redhat.com/errata/RHSA-2023:7885
- https://access.redhat.com/errata/RHSA-2024:0304
- https://access.redhat.com/errata/RHSA-2024:0332
- https://access.redhat.com/errata/RHSA-2024:0337
- https://access.redhat.com/security/cve/CVE-2023-5868
- https://bugzilla.redhat.com/show_bug.cgi?id=2247168
- https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
- https://www.postgresql.org/support/security/CVE-2023-5868/
- https://access.redhat.com/errata/RHSA-2023:7545
- https://access.redhat.com/errata/RHSA-2023:7579
- https://access.redhat.com/errata/RHSA-2023:7580
- https://access.redhat.com/errata/RHSA-2023:7581
- https://access.redhat.com/errata/RHSA-2023:7616
- https://access.redhat.com/errata/RHSA-2023:7656
- https://access.redhat.com/errata/RHSA-2023:7666
- https://access.redhat.com/errata/RHSA-2023:7667
- https://access.redhat.com/errata/RHSA-2023:7694
- https://access.redhat.com/errata/RHSA-2023:7695
- https://access.redhat.com/errata/RHSA-2023:7714
- https://access.redhat.com/errata/RHSA-2023:7770
- https://access.redhat.com/errata/RHSA-2023:7772
- https://access.redhat.com/errata/RHSA-2023:7784
- https://access.redhat.com/errata/RHSA-2023:7785
- https://access.redhat.com/errata/RHSA-2023:7883
- https://access.redhat.com/errata/RHSA-2023:7884
- https://access.redhat.com/errata/RHSA-2023:7885
- https://access.redhat.com/errata/RHSA-2024:0304
- https://access.redhat.com/errata/RHSA-2024:0332
- https://access.redhat.com/errata/RHSA-2024:0337
- https://access.redhat.com/security/cve/CVE-2023-5868
- https://bugzilla.redhat.com/show_bug.cgi?id=2247168
- https://security.netapp.com/advisory/ntap-20240119-0003/
- https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
- https://www.postgresql.org/support/security/CVE-2023-5868/
Products affected by CVE-2023-5868
-
cpe:2.3:a:postgresql:postgresql:11.0
-
cpe:2.3:a:postgresql:postgresql:11.1
-
cpe:2.3:a:postgresql:postgresql:11.10
-
cpe:2.3:a:postgresql:postgresql:11.11
-
cpe:2.3:a:postgresql:postgresql:11.12
-
cpe:2.3:a:postgresql:postgresql:11.13
-
cpe:2.3:a:postgresql:postgresql:11.14
-
cpe:2.3:a:postgresql:postgresql:11.15
-
cpe:2.3:a:postgresql:postgresql:11.16
-
cpe:2.3:a:postgresql:postgresql:11.17
-
cpe:2.3:a:postgresql:postgresql:11.18
-
cpe:2.3:a:postgresql:postgresql:11.19
-
cpe:2.3:a:postgresql:postgresql:11.2
-
cpe:2.3:a:postgresql:postgresql:11.20
-
cpe:2.3:a:postgresql:postgresql:11.21
-
cpe:2.3:a:postgresql:postgresql:11.3
-
cpe:2.3:a:postgresql:postgresql:11.4
-
cpe:2.3:a:postgresql:postgresql:11.5
-
cpe:2.3:a:postgresql:postgresql:11.6
-
cpe:2.3:a:postgresql:postgresql:11.7
-
cpe:2.3:a:postgresql:postgresql:11.8
-
cpe:2.3:a:postgresql:postgresql:11.9
-
cpe:2.3:a:postgresql:postgresql:12.0
-
cpe:2.3:a:postgresql:postgresql:12.1
-
cpe:2.3:a:postgresql:postgresql:12.10
-
cpe:2.3:a:postgresql:postgresql:12.11
-
cpe:2.3:a:postgresql:postgresql:12.12
-
cpe:2.3:a:postgresql:postgresql:12.13
-
cpe:2.3:a:postgresql:postgresql:12.14
-
cpe:2.3:a:postgresql:postgresql:12.15
-
cpe:2.3:a:postgresql:postgresql:12.16
-
cpe:2.3:a:postgresql:postgresql:12.2
-
cpe:2.3:a:postgresql:postgresql:12.3
-
cpe:2.3:a:postgresql:postgresql:12.4
-
cpe:2.3:a:postgresql:postgresql:12.5
-
cpe:2.3:a:postgresql:postgresql:12.6
-
cpe:2.3:a:postgresql:postgresql:12.7
-
cpe:2.3:a:postgresql:postgresql:12.8
-
cpe:2.3:a:postgresql:postgresql:12.9
-
cpe:2.3:a:postgresql:postgresql:13.0
-
cpe:2.3:a:postgresql:postgresql:13.1
-
cpe:2.3:a:postgresql:postgresql:13.10
-
cpe:2.3:a:postgresql:postgresql:13.11
-
cpe:2.3:a:postgresql:postgresql:13.12
-
cpe:2.3:a:postgresql:postgresql:13.2
-
cpe:2.3:a:postgresql:postgresql:13.3
-
cpe:2.3:a:postgresql:postgresql:13.4
-
cpe:2.3:a:postgresql:postgresql:13.5
-
cpe:2.3:a:postgresql:postgresql:13.6
-
cpe:2.3:a:postgresql:postgresql:13.7
-
cpe:2.3:a:postgresql:postgresql:13.8
-
cpe:2.3:a:postgresql:postgresql:13.9
-
cpe:2.3:a:postgresql:postgresql:14.0
-
cpe:2.3:a:postgresql:postgresql:14.1
-
cpe:2.3:a:postgresql:postgresql:14.2
-
cpe:2.3:a:postgresql:postgresql:14.3
-
cpe:2.3:a:postgresql:postgresql:14.4
-
cpe:2.3:a:postgresql:postgresql:14.5
-
cpe:2.3:a:postgresql:postgresql:14.6
-
cpe:2.3:a:postgresql:postgresql:14.7
-
cpe:2.3:a:postgresql:postgresql:14.8
-
cpe:2.3:a:postgresql:postgresql:14.9
-
cpe:2.3:a:postgresql:postgresql:15.0
-
cpe:2.3:a:postgresql:postgresql:15.1
-
cpe:2.3:a:postgresql:postgresql:15.2
-
cpe:2.3:a:postgresql:postgresql:15.3
-
cpe:2.3:a:postgresql:postgresql:15.4
-
cpe:2.3:a:postgresql:postgresql:16.0
-
cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2
-
cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.0_ppc64le
-
cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le
-
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64
-
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.0_aarch64
-
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64
-
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.0_s390x
-
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x
-
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.0_ppc64le
-
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le
-
cpe:2.3:a:redhat:software_collections:1.0
-
cpe:2.3:o:redhat:enterprise_linux:8.0
-
cpe:2.3:o:redhat:enterprise_linux:9.0
-
cpe:2.3:o:redhat:enterprise_linux_eus:8.6
-
cpe:2.3:o:redhat:enterprise_linux_eus:8.8
-
cpe:2.3:o:redhat:enterprise_linux_eus:9.0
-
cpe:2.3:o:redhat:enterprise_linux_eus:9.2
-
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0
-
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64
-
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x
-
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x
-
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x
-
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x
-
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x
-
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le
-
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le
-
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le
-
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le
-
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6
-
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2
-
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2
-
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4
-
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6