← volver
CVE-2023-5869

Postgresql: buffer overrun from integer overflow in array modification

CVSS 8.8 HIGHEPSS 4.3%CWE-190
Vexday Risk Score
21Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 8.8EPSS 4.3%KEV nãoPoC Nuclei Metasploit Patch referenciado
Ciclo de vida
10 dic 2023Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Productos afectados
Red Hat · Red Hat Advanced Cluster Security 4.2Red Hat · Red Hat Enterprise Linux 6Red Hat · Red Hat Enterprise Linux 7Red Hat · Red Hat Enterprise Linux 8Red Hat · Red Hat Enterprise Linux 8.1 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 8.2 Advanced Update SupportRed Hat · Red Hat Enterprise Linux 8.2 Telecommunications Update ServiceRed Hat · Red Hat Enterprise Linux 8.2 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update SupportRed Hat · Red Hat Enterprise Linux 8.4 Telecommunications Update ServiceRed Hat · Red Hat Enterprise Linux 8.4 Update Services for SAP SolutionsRed Hat · Red Hat Enterprise Linux 8.6 Extended Update SupportRed Hat · Red Hat Enterprise Linux 8.8 Extended Update SupportRed Hat · Red Hat Enterprise Linux 9Red Hat · Red Hat Enterprise Linux 9.0 Extended Update SupportRed Hat · Red Hat Enterprise Linux 9.2 Extended Update SupportRed Hat · Red Hat Software Collections for Red Hat Enterprise Linux 7Red Hat · RHACS-3.74-RHEL-8Red Hat · RHACS-4.1-RHEL-8

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://access.redhat.com/errata/RHSA-2023:7545https://access.redhat.com/errata/RHSA-2023:7579https://access.redhat.com/errata/RHSA-2023:7580https://access.redhat.com/errata/RHSA-2023:7581https://access.redhat.com/errata/RHSA-2023:7616https://access.redhat.com/errata/RHSA-2023:7656https://access.redhat.com/errata/RHSA-2023:7666https://access.redhat.com/errata/RHSA-2023:7667https://access.redhat.com/errata/RHSA-2023:7694https://access.redhat.com/errata/RHSA-2023:7695https://access.redhat.com/errata/RHSA-2023:7714https://access.redhat.com/errata/RHSA-2023:7770