CVE-2023-5869

Home/CVE/A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overfl

CVE

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overfl

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.

HIGH · CVSS 8.8 EPSS 0.01608

Schedule remediation

CVSS base score ≥ 7.0

Sigma rules0 YARA rules0

⬡

Weakness Classification

CWE-190Integer Overflow or Wraparound

▤

Affected Products & Versions

postgresql>= 11.0 and < 11.22
postgresql>= 12.0 and < 12.17
postgresql>= 13.0 and < 13.13
postgresql>= 14.0 and < 14.10
postgresql>= 15.0 and < 15.5
postgresqlall versions
redhat codeready linux builder eusall versions
redhat codeready linux builder eus for power little endian eusall versions
Show all 26 affected productsredhat codeready linux builder for arm64 eusall versions
redhat codeready linux builder for ibm z systems eusall versions
redhat codeready linux builder for power little endian eusall versions
redhat software collectionsall versions
redhat enterprise linuxall versions
redhat enterprise linux desktopall versions
redhat enterprise linux eusall versions
redhat enterprise linux for arm 64all versions
redhat enterprise linux for ibm z systemsall versions
redhat enterprise linux for ibm z systems eusall versions
redhat enterprise linux for power big endianall versions
redhat enterprise linux for power little endianall versions
redhat enterprise linux for power little endian eusall versions
redhat enterprise linux for scientific computingall versions
redhat enterprise linux serverall versions
redhat enterprise linux server ausall versions
redhat enterprise linux server tusall versions
redhat enterprise linux workstationall versions

▣

Scoring & Timeline

8.8

HIGH · CVSS v3.1 · secalert@redhat.com

View on NVD

Attack Vector

Network Adjacent Local Physical

Attack Complexity

Low High

Privileges Required

None Low High

User Interaction

None Required

Scope

Unchanged Changed

Confidentiality

None Low High

Integrity

None Low High

Availability

None Low High

Published to NVD10 Dec 2023 · 06:15 PM

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

⚑

Vendor Advisories

suse-csafopenSUSE-SU-2025:15580-1
siemens-csafSSA-784301
suse-csafopenSUSE-SU-2024:13408-1
suse-csafopenSUSE-SU-2024:13409-1
suse-csafopenSUSE-SU-2024:13410-1
Show all 30 vendor advisoriessuse-csafopenSUSE-SU-2024:13413-1
suse-csafopenSUSE-SU-2024:13414-1
suse-csafopenSUSE-SU-2024:13668-1
usnUSN-6538-2
suse-csafSUSE-SU-2024:0106-1
usnUSN-6570-1
msrcCVE-2023-5869
usnUSN-6538-1
suse-csafSUSE-SU-2023:4495-1
suse-csafSUSE-SU-2023:4479-1
suse-csafSUSE-SU-2023:4454-1
suse-csafSUSE-SU-2023:4455-1
suse-csafSUSE-SU-2023:4433-1
suse-csafSUSE-SU-2023:4434-1
suse-csafSUSE-SU-2023:4418-1
suse-csafSUSE-SU-2023:4425-1
rhsaRHSA-2023:7616Moderate
rhsaRHSA-2023:7714Moderate
rhsaRHSA-2023:7667Moderate
rhsaRHSA-2023:7579Moderate
rhsaRHSA-2023:7656Moderate
rhsaRHSA-2023:7666Moderate
rhsaRHSA-2023:7545Moderate
rhsaRHSA-2023:7580Moderate
rhsaRHSA-2023:7885Moderate