← volver
CVE-2023-5868

Postgresql: memory disclosure in aggregate function calls

CVSS 4.3 MEDIUMEPSS 2.8%CWE-686
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 4.3EPSS 2.8%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
10 dic 2023Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Productos afectados
Red Hat · Red Hat Advanced Cluster Security 4.2Red Hat · Red Hat Enterprise Linux 6Red Hat · Red Hat Enterprise Linux 7Red Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat · Red Hat Enterprise Linux 8.2 Telecommunications Update ServiceRed Hat · Red Hat Enterprise Linux 8.2 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat · Red Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat · Red Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 8.6 Extended Update SupportRed Hat · Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat Enterprise Linux 9.0 Extended Update SupportRed Hat · Red Hat Enterprise Linux 9.2 Extended Update SupportRed Hat · Red Hat Software CollectionsRed Hat · Red Hat Software Collections for Red Hat Enterprise Linux 7Red Hat · RHACS-3.74-RHEL-8Red Hat · RHACS-4.1-RHEL-8

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://access.redhat.com/errata/RHSA-2023:7545https://access.redhat.com/errata/RHSA-2023:7579https://access.redhat.com/errata/RHSA-2023:7580https://access.redhat.com/errata/RHSA-2023:7581https://access.redhat.com/errata/RHSA-2023:7616https://access.redhat.com/errata/RHSA-2023:7656https://access.redhat.com/errata/RHSA-2023:7666https://access.redhat.com/errata/RHSA-2023:7667https://access.redhat.com/errata/RHSA-2023:7694https://access.redhat.com/errata/RHSA-2023:7695https://access.redhat.com/errata/RHSA-2023:7714https://access.redhat.com/errata/RHSA-2023:7770