Vulnerabilities > CVE-2023-5868

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

postgresql

redhat

NVD

Published: 2023-12-10

Updated: 2024-01-25

Summary

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.

Vulnerable Configurations

Part	Description	Count
Application	Postgresql Postgresql Postgresql 16.0 Postgresql Postgresql 15.0 Postgresql Postgresql 15.1 Postgresql Postgresql 15.2 Postgresql Postgresql 15.3 Postgresql Postgresql 15.4 Postgresql Postgresql 14.0 Postgresql Postgresql 14.1 Postgresql Postgresql 14.2 Postgresql Postgresql 14.3 Postgresql Postgresql 14.4 Postgresql Postgresql 14.5 Postgresql Postgresql 14.6 Postgresql Postgresql 14.7 Postgresql Postgresql 14.8 Postgresql Postgresql 14.9 Postgresql Postgresql 13.0 Postgresql Postgresql 13.1 Postgresql Postgresql 13.2 Postgresql Postgresql 13.3 Postgresql Postgresql 13.4 Postgresql Postgresql 13.5 Postgresql Postgresql 13.6 Postgresql Postgresql 13.7 Postgresql Postgresql 13.8 Postgresql Postgresql 13.9 Postgresql Postgresql 13.10 Postgresql Postgresql 13.11 Postgresql Postgresql 13.12 Postgresql Postgresql 12.0 Postgresql Postgresql 12.1 Postgresql Postgresql 12.2 Postgresql Postgresql 12.3 Postgresql Postgresql 12.4 Postgresql Postgresql 12.5 Postgresql Postgresql 12.6 Postgresql Postgresql 12.7 Postgresql Postgresql 12.8 Postgresql Postgresql 12.9 Postgresql Postgresql 12.10 Postgresql Postgresql 12.11 Postgresql Postgresql 12.12 Postgresql Postgresql 12.13 Postgresql Postgresql 12.14 Postgresql Postgresql 12.15 Postgresql Postgresql 12.16 Postgresql Postgresql 11.0 Postgresql Postgresql 11.1 Postgresql Postgresql 11.2 Postgresql Postgresql 11.3 Postgresql Postgresql 11.4 Postgresql Postgresql 11.5 Postgresql Postgresql 11.6 Postgresql Postgresql 11.7 Postgresql Postgresql 11.8 Postgresql Postgresql 11.9 Postgresql Postgresql 11.10 Postgresql Postgresql 11.11 Postgresql Postgresql 11.12 Postgresql Postgresql 11.13 Postgresql Postgresql 11.14 Postgresql Postgresql 11.15 Postgresql Postgresql 11.16 Postgresql Postgresql 11.17 Postgresql Postgresql 11.18 Postgresql Postgresql 11.19 Postgresql Postgresql 11.20 Postgresql Postgresql 11.21	68
Application	Redhat Redhat Software Collections 1.0 Redhat Codeready Linux Builder FOR Arm64 EUS 9.2_Aarch64 Redhat Codeready Linux Builder FOR Arm64 EUS 9.0_Aarch64 Redhat Codeready Linux Builder FOR Arm64 EUS 8.6_Aarch64 Redhat Codeready Linux Builder FOR IBM Z Systems EUS 9.2_S390X Redhat Codeready Linux Builder FOR IBM Z Systems EUS 9.0_S390X Redhat Codeready Linux Builder EUS FOR Power Little Endian EUS 9.2_Ppc64Le Redhat Codeready Linux Builder EUS FOR Power Little Endian EUS 9.0_Ppc64Le Redhat Codeready Linux Builder EUS 9.2 Redhat Codeready Linux Builder FOR Power Little Endian EUS 9.2_Ppc64Le Redhat Codeready Linux Builder FOR Power Little Endian EUS 9.0_Ppc64Le	11
OS	Redhat Redhat Enterprise Linux 8.0 Redhat Enterprise Linux 9.0 Redhat Enterprise Linux Server TUS 8.2 Redhat Enterprise Linux Server TUS 8.4 Redhat Enterprise Linux Server TUS 8.6 Redhat Enterprise Linux Server AUS 8.2 Redhat Enterprise Linux Server AUS 8.4 Redhat Enterprise Linux Server AUS 8.6 Redhat Enterprise Linux Server AUS 9.2 Redhat Enterprise Linux EUS 8.6 Redhat Enterprise Linux EUS 9.0 Redhat Enterprise Linux EUS 8.8 Redhat Enterprise Linux EUS 9.2 Redhat Enterprise Linux FOR ARM 64 8.0 Redhat Enterprise Linux FOR ARM 64 8.8_Aarch64 Redhat Enterprise Linux FOR Power Little Endian EUS 9.2_Ppc64Le Redhat Enterprise Linux FOR Power Little Endian EUS 8.8_Ppc64Le Redhat Enterprise Linux FOR Power Little Endian EUS 9.0_Ppc64Le Redhat Enterprise Linux FOR Power Little Endian EUS 8.6_Ppc64Le Redhat Enterprise Linux FOR Power Little Endian 8.0_Ppc64Le Redhat Enterprise Linux FOR IBM Z Systems EUS 8.8_S390X Redhat Enterprise Linux FOR IBM Z Systems EUS 9.2_S390X Redhat Enterprise Linux FOR IBM Z Systems EUS 9.0_S390X Redhat Enterprise Linux FOR IBM Z Systems EUS 8.6_S390X Redhat Enterprise Linux FOR IBM Z Systems 8.0_S390X	25

Vulnerabilities > CVE-2023-5868 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2023-5868"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2023-5868