CVE-2023-5868

moderate-risk

Published 2023-12-10

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.

Do I need to act?

2.7% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.3/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Postgresql

Codeready Linux Builder Eus

Codeready Linux Builder Eus For Power Little Endian Eus

Codeready Linux Builder For Arm64 Eus

Codeready Linux Builder For Ibm Z Systems Eus

Codeready Linux Builder For Power Little Endian Eus

Software Collections

Enterprise Linux

Enterprise Linux Eus

Enterprise Linux For Arm 64

Affected Vendors

Redhat Postgresql

References (52)

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7545

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7579

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7580

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7581

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7616

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7656

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7666

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7667

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7694

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7695

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7714

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7770

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7772

https://access.redhat.com/errata/RHSA-2023:7784

https://access.redhat.com/errata/RHSA-2023:7785

https://access.redhat.com/errata/RHSA-2023:7883

https://access.redhat.com/errata/RHSA-2023:7884

https://access.redhat.com/errata/RHSA-2023:7885

https://access.redhat.com/errata/RHSA-2024:0304

https://access.redhat.com/errata/RHSA-2024:0332

and 32 more references

/ 100

moderate-risk

Severity 18/34 · Moderate

Exploitability 6/34 · Minimal

Exposure 24/34 · High