← back
CVE-2023-5868

Postgresql: memory disclosure in aggregate function calls

CVSS 4.3 MEDIUMEPSS 2.8%CWE-686
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 2.8%KEV nãoPoC Nuclei Metasploit Patch referenciado
Lifecycle
10 Dec 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
Red Hat · Red Hat Advanced Cluster Security 4.2Red Hat · Red Hat Enterprise Linux 6Red Hat · Red Hat Enterprise Linux 7Red Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat · Red Hat Enterprise Linux 8.2 Telecommunications Update ServiceRed Hat · Red Hat Enterprise Linux 8.2 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat · Red Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat · Red Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 8.6 Extended Update SupportRed Hat · Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat Enterprise Linux 9.0 Extended Update SupportRed Hat · Red Hat Enterprise Linux 9.2 Extended Update SupportRed Hat · Red Hat Software CollectionsRed Hat · Red Hat Software Collections for Red Hat Enterprise Linux 7Red Hat · RHACS-3.74-RHEL-8Red Hat · RHACS-4.1-RHEL-8

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://access.redhat.com/errata/RHSA-2023:7545https://access.redhat.com/errata/RHSA-2023:7579https://access.redhat.com/errata/RHSA-2023:7580https://access.redhat.com/errata/RHSA-2023:7581https://access.redhat.com/errata/RHSA-2023:7616https://access.redhat.com/errata/RHSA-2023:7656https://access.redhat.com/errata/RHSA-2023:7666https://access.redhat.com/errata/RHSA-2023:7667https://access.redhat.com/errata/RHSA-2023:7694https://access.redhat.com/errata/RHSA-2023:7695https://access.redhat.com/errata/RHSA-2023:7714https://access.redhat.com/errata/RHSA-2023:7770