CVE-2023-5869

high-risk

Published 2023-12-10

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.

Do I need to act?

1.6% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (20)

Postgresql

Codeready Linux Builder Eus

Codeready Linux Builder Eus For Power Little Endian Eus

Codeready Linux Builder For Arm64 Eus

Codeready Linux Builder For Ibm Z Systems Eus

Codeready Linux Builder For Power Little Endian Eus

Software Collections

Enterprise Linux

Enterprise Linux Desktop

Enterprise Linux Eus

Affected Vendors

Redhat Postgresql

References (68)

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7545

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7579

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7580

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7581

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7616

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7656

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7666

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7667

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7694

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7695

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7714

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7770

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7771

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7772

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7778

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7783

https://access.redhat.com/errata/RHSA-2023:7784

https://access.redhat.com/errata/RHSA-2023:7785

https://access.redhat.com/errata/RHSA-2023:7786

https://access.redhat.com/errata/RHSA-2023:7788

and 48 more references

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 4/34 · Minimal

Exposure 25/34 · High