CVE-2023-5868

CVE-2023-5868

Name

CVE-2023-5868

Description

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2023:7545
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2023:7579
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2023:7580
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2023:7581
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2023:7616
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2023:7656
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2023:7666
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2023:7667
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2023:7694
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2023:7695
secalert@redhat.com	https://access.redhat.com/security/cve/CVE-2023-5868
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=2247168
secalert@redhat.com	https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
secalert@redhat.com	https://www.postgresql.org/support/security/CVE-2023-5868/
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2023:7714
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2023:7770
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2023:7772
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2023:7784
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2023:7785
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2023:7883
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2023:7884
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2023:7885
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:0304
secalert@redhat.com	https://security.netapp.com/advisory/ntap-20240119-0003/
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:0332
secalert@redhat.com	https://access.redhat.com/errata/RHSA-2024:0337
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2023/11/msg00007.html

Type

URI

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2023:7545

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2023:7579

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2023:7580

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2023:7581

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2023:7616

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2023:7656

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2023:7666

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2023:7667

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2023:7694

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2023:7695

secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2023-5868

secalert@redhat.com

https://bugzilla.redhat.com/show_bug.cgi?id=2247168

secalert@redhat.com

https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/

secalert@redhat.com

https://www.postgresql.org/support/security/CVE-2023-5868/

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2023:7714

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2023:7770

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2023:7772

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2023:7784

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2023:7785

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2023:7883

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2023:7884

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2023:7885

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0304

secalert@redhat.com

https://security.netapp.com/advisory/ntap-20240119-0003/

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0332

secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0337

af854a3a-2127-422b-91ae-364da2661108

https://lists.debian.org/debian-lts-announce/2023/11/msg00007.html

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:postgresql:postgresql::::::::`	postgresql	>= 11.0	< 11.22
`cpe:2.3:a:postgresql:postgresql::::::::`	postgresql	>= 12.0	< 12.17
`cpe:2.3:a:postgresql:postgresql::::::::`	postgresql	>= 13.0	< 13.13
`cpe:2.3:a:postgresql:postgresql::::::::`	postgresql	>= 14.0	< 14.10
`cpe:2.3:a:postgresql:postgresql::::::::`	postgresql	>= 15.0	< 15.5
`cpe:2.3:a:postgresql:postgresql:16.0:::::::*`	postgresql	== None	== 16.0

CPE URI

Source package

Min version

Max version