CVE-2023-5868 Information
Description
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with ‘unknown’-type arguments. Handling ‘unknown’-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. The issue exists because aggregate function calls output excessive data, enabling remote users to read some portion of system memory.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Reference
https://access.redhat.com/errata/RHSA-2023:7545
https://access.redhat.com/errata/RHSA-2023:7579
https://access.redhat.com/errata/RHSA-2023:7580
https://access.redhat.com/errata/RHSA-2023:7581
https://access.redhat.com/errata/RHSA-2023:7616
https://access.redhat.com/errata/RHSA-2023:7656
https://access.redhat.com/errata/RHSA-2023:7666
https://access.redhat.com/errata/RHSA-2023:7667
https://access.redhat.com/errata/RHSA-2023:7694
https://access.redhat.com/errata/RHSA-2023:7695
https://access.redhat.com/security/cve/CVE-2023-5868
https://bugzilla.redhat.com/show_bug.cgi?id=2247168
https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
https://www.postgresql.org/support/security/CVE-2023-5868/
https://access.redhat.com/errata/RHSA-2023:7714
https://access.redhat.com/errata/RHSA-2023:7770
https://access.redhat.com/errata/RHSA-2023:7772
https://access.redhat.com/errata/RHSA-2023:7784
https://access.redhat.com/errata/RHSA-2023:7785
Attack Complexity
LOW
Privileges Required
LOW
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
Base Score
4.3
Base Severity
MEDIUM