CVE-2023-5869
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | Red Hat Advanced Cluster Security 4.2 | 4.2.4-6 < * | unaffected |
| Red Hat | Red Hat Advanced Cluster Security 4.2 | 4.2.4-6 < * | unaffected |
| Red Hat | Red Hat Advanced Cluster Security 4.2 | 4.2.4-7 < * | unaffected |
| Red Hat | Red Hat Advanced Cluster Security 4.2 | 4.2.4-6 < * | unaffected |
| Red Hat | Red Hat Advanced Cluster Security 4.2 | 4.2.4-7 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 7 | 0:9.2.24-9.el7_9 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8 | 8090020231114113712.a75119d5 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8 | 8090020231128173330.a75119d5 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8 | 8090020231201202407.a75119d5 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8 | 8090020231114113548.a75119d5 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | 8010020231130170510.c27ad7f8 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support | 8020020231128165246.4cda2c84 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support | 8020020231201202149.4cda2c84 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.2 Telecommunications Update Service | 8020020231128165246.4cda2c84 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.2 Telecommunications Update Service | 8020020231201202149.4cda2c84 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | 8020020231128165246.4cda2c84 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | 8020020231201202149.4cda2c84 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | 8040020231127153301.522a0ee4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | 8040020231127154806.522a0ee4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | 8040020231127142440.522a0ee4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Telecommunications Update Service | 8040020231127153301.522a0ee4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Telecommunications Update Service | 8040020231127154806.522a0ee4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Telecommunications Update Service | 8040020231127142440.522a0ee4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | 8040020231127153301.522a0ee4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | 8040020231127154806.522a0ee4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | 8040020231127142440.522a0ee4 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support | 8060020231114115246.ad008a3a < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support | 8060020231128165328.ad008a3a < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support | 8060020231201202249.ad008a3a < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support | 8080020231114105206.63b34585 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support | 8080020231128165335.63b34585 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support | 8080020231201202316.63b34585 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support | 8080020231113134015.63b34585 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 0:13.13-1.el9_3 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9 | 9030020231120082734.rhel9 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.0 Extended Update Support | 0:13.13-1.el9_0 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support | 0:13.13-1.el9_2 < * | unaffected |
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support | 9020020231115020618.rhel9 < * | unaffected |
| Red Hat | Red Hat Software Collections for Red Hat Enterprise Linux 7 | 0:12.17-1.el7 < * | unaffected |
| Red Hat | Red Hat Software Collections for Red Hat Enterprise Linux 7 | 0:10.23-2.el7 < * | unaffected |
| Red Hat | Red Hat Software Collections for Red Hat Enterprise Linux 7 | 0:13.13-1.el7 < * | unaffected |
| Red Hat | RHACS-3.74-RHEL-8 | 3.74.8-9 < * | unaffected |
| Red Hat | RHACS-3.74-RHEL-8 | 3.74.8-9 < * | unaffected |
| Red Hat | RHACS-3.74-RHEL-8 | 3.74.8-7 < * | unaffected |
| Red Hat | RHACS-3.74-RHEL-8 | 3.74.8-9 < * | unaffected |
| Red Hat | RHACS-3.74-RHEL-8 | 3.74.8-9 < * | unaffected |
| Red Hat | RHACS-4.1-RHEL-8 | 4.1.6-6 < * | unaffected |
| Red Hat | RHACS-4.1-RHEL-8 | 4.1.6-6 < * | unaffected |
| Red Hat | RHACS-4.1-RHEL-8 | 4.1.6-6 < * | unaffected |
| Red Hat | RHACS-4.1-RHEL-8 | 4.1.6-6 < * | unaffected |
| Red Hat | RHACS-4.1-RHEL-8 | 4.1.6-6 < * | unaffected |
Weaknesses
- CWE-190: Integer Overflow or Wraparound
Workarounds
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
ADP Enrichment
CVE Program Container
Additional References
- https://access.redhat.com/errata/RHSA-2023:7545
- https://access.redhat.com/errata/RHSA-2023:7579
- https://access.redhat.com/errata/RHSA-2023:7580
- https://access.redhat.com/errata/RHSA-2023:7581
- https://access.redhat.com/errata/RHSA-2023:7616
- https://access.redhat.com/errata/RHSA-2023:7656
- https://access.redhat.com/errata/RHSA-2023:7666
- https://access.redhat.com/errata/RHSA-2023:7667
- https://access.redhat.com/errata/RHSA-2023:7694
- https://access.redhat.com/errata/RHSA-2023:7695
- https://access.redhat.com/errata/RHSA-2023:7714
- https://access.redhat.com/errata/RHSA-2023:7770
- https://access.redhat.com/errata/RHSA-2023:7771
- https://access.redhat.com/errata/RHSA-2023:7772
- https://access.redhat.com/errata/RHSA-2023:7778
- https://access.redhat.com/errata/RHSA-2023:7783
- https://access.redhat.com/errata/RHSA-2023:7784
- https://access.redhat.com/errata/RHSA-2023:7785
- https://access.redhat.com/errata/RHSA-2023:7786
- https://access.redhat.com/errata/RHSA-2023:7788
- https://access.redhat.com/errata/RHSA-2023:7789
- https://access.redhat.com/errata/RHSA-2023:7790
- https://access.redhat.com/errata/RHSA-2023:7878
- https://access.redhat.com/errata/RHSA-2023:7883
- https://access.redhat.com/errata/RHSA-2023:7884
- https://access.redhat.com/errata/RHSA-2023:7885
- https://access.redhat.com/errata/RHSA-2024:0304
- https://access.redhat.com/errata/RHSA-2024:0332
- https://access.redhat.com/errata/RHSA-2024:0337
- https://access.redhat.com/security/cve/CVE-2023-5869
- https://bugzilla.redhat.com/show_bug.cgi?id=2247169
- https://security.netapp.com/advisory/ntap-20240119-0003/
- https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
- https://www.postgresql.org/support/security/CVE-2023-5869/
- https://lists.debian.org/debian-lts-announce/2023/11/msg00007.html
References
- https://access.redhat.com/errata/RHSA-2023:7545
- https://access.redhat.com/errata/RHSA-2023:7579
- https://access.redhat.com/errata/RHSA-2023:7580
- https://access.redhat.com/errata/RHSA-2023:7581
- https://access.redhat.com/errata/RHSA-2023:7616
- https://access.redhat.com/errata/RHSA-2023:7656
- https://access.redhat.com/errata/RHSA-2023:7666
- https://access.redhat.com/errata/RHSA-2023:7667
- https://access.redhat.com/errata/RHSA-2023:7694
- https://access.redhat.com/errata/RHSA-2023:7695
- https://access.redhat.com/errata/RHSA-2023:7714
- https://access.redhat.com/errata/RHSA-2023:7770
- https://access.redhat.com/errata/RHSA-2023:7771
- https://access.redhat.com/errata/RHSA-2023:7772
- https://access.redhat.com/errata/RHSA-2023:7778
- https://access.redhat.com/errata/RHSA-2023:7783
- https://access.redhat.com/errata/RHSA-2023:7784
- https://access.redhat.com/errata/RHSA-2023:7785
- https://access.redhat.com/errata/RHSA-2023:7786
- https://access.redhat.com/errata/RHSA-2023:7788
- https://access.redhat.com/errata/RHSA-2023:7789
- https://access.redhat.com/errata/RHSA-2023:7790
- https://access.redhat.com/errata/RHSA-2023:7878
- https://access.redhat.com/errata/RHSA-2023:7883
- https://access.redhat.com/errata/RHSA-2023:7884
- https://access.redhat.com/errata/RHSA-2023:7885
- https://access.redhat.com/errata/RHSA-2024:0304
- https://access.redhat.com/errata/RHSA-2024:0332
- https://access.redhat.com/errata/RHSA-2024:0337
- https://access.redhat.com/security/cve/CVE-2023-5869
- https://bugzilla.redhat.com/show_bug.cgi?id=2247169
- https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
- https://www.postgresql.org/support/security/CVE-2023-5869/
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.