CVE-2023-5869

high

Description

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code because overflow checks are missing during SQL array value modification. The issue is an integer overflow during array modification, which a remote user can trigger by providing specially crafted data. Triggering it allows the user to write arbitrary bytes to memory and extensively read the server's memory, which enables the execution of arbitrary code on the target system.

References

https://www.cisa.gov/news-events/ics-advisories/icsa-24-228-06

https://www.postgresql.org/support/security/CVE-2023-5869/

https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/

https://bugzilla.redhat.com/show_bug.cgi?id=2247169

https://access.redhat.com/security/cve/CVE-2023-5869

https://access.redhat.com/errata/RHSA-2024:0337

https://access.redhat.com/errata/RHSA-2024:0332

https://access.redhat.com/errata/RHSA-2024:0304

https://access.redhat.com/errata/RHSA-2023:7885

https://access.redhat.com/errata/RHSA-2023:7884

https://access.redhat.com/errata/RHSA-2023:7883

https://access.redhat.com/errata/RHSA-2023:7878

https://access.redhat.com/errata/RHSA-2023:7790

https://access.redhat.com/errata/RHSA-2023:7789

https://access.redhat.com/errata/RHSA-2023:7788

https://access.redhat.com/errata/RHSA-2023:7786

https://access.redhat.com/errata/RHSA-2023:7785

https://access.redhat.com/errata/RHSA-2023:7784

https://access.redhat.com/errata/RHSA-2023:7783

https://access.redhat.com/errata/RHSA-2023:7778

https://access.redhat.com/errata/RHSA-2023:7772

https://access.redhat.com/errata/RHSA-2023:7771

https://access.redhat.com/errata/RHSA-2023:7770

https://access.redhat.com/errata/RHSA-2023:7714

https://access.redhat.com/errata/RHSA-2023:7695

https://access.redhat.com/errata/RHSA-2023:7694

https://access.redhat.com/errata/RHSA-2023:7667

https://access.redhat.com/errata/RHSA-2023:7666

https://access.redhat.com/errata/RHSA-2023:7656

https://access.redhat.com/errata/RHSA-2023:7616

https://access.redhat.com/errata/RHSA-2023:7581

https://access.redhat.com/errata/RHSA-2023:7580

https://access.redhat.com/errata/RHSA-2023:7579

https://access.redhat.com/errata/RHSA-2023:7545

Details

Source: Mitre, NVD

Published: 2023-12-10

Updated: 2024-09-14

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High