Vulnerability CVE-2023-5868: Information

Description

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.

Severity: MEDIUM (4.3) Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-5868
Published: Dec. 10, 2023
Modified: Jan. 25, 2024

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
postgresql11p1011.22-alt0.p10.111.22-alt0.p10.1ALT-PU-2023-7086-4333972Fixed
postgresql11p10_e2k11.22-alt0.p10.111.22-alt0.p10.1ALT-PU-2023-7587-1-Fixed
postgresql11p911.22-alt0.M90P.111.22-alt0.M90P.1ALT-PU-2023-7481-2333985Fixed
postgresql11c10f111.22-alt0.p10.111.22-alt0.p10.1ALT-PU-2023-8223-2336885Fixed
postgresql11c9f211.22-alt0.M90P.111.22-alt0.M90P.1ALT-PU-2023-7083-2333990Fixed
postgresql12sisyphus12.17-alt112.18-alt1ALT-PU-2023-7059-1333881Fixed
postgresql12sisyphus_e2k12.17-alt112.18-alt1ALT-PU-2023-7146-1-Fixed
postgresql12sisyphus_riscv6412.17-alt212.18-alt1ALT-PU-2023-7198-1-Fixed
postgresql12p1012.17-alt0.p10.112.18-alt0.p10.1ALT-PU-2023-7087-4333972Fixed
postgresql12p10_e2k12.17-alt0.p10.112.18-alt0.p10.1ALT-PU-2023-7588-1-Fixed
postgresql12p912.17-alt0.M90P.112.18-alt0.M90P.1ALT-PU-2023-7480-2333985Fixed
postgresql12c10f112.17-alt0.p10.112.18-alt0.p10.1ALT-PU-2023-8221-2336885Fixed
postgresql12c9f212.17-alt0.M90P.112.18-alt0.c9f2.1ALT-PU-2023-7082-2333990Fixed
postgresql12-1Cp912.17-alt0.M90P.112.17-alt0.M90P.2ALT-PU-2023-7479-2333985Fixed
postgresql12-1Cc9f212.17-alt0.M90P.112.17-alt0.c9f2.2ALT-PU-2023-7081-2333990Fixed
postgresql13sisyphus13.13-alt113.14-alt1ALT-PU-2023-7057-1333881Fixed
postgresql13sisyphus_e2k13.13-alt113.14-alt1ALT-PU-2023-7147-1-Fixed
postgresql13sisyphus_riscv6413.13-alt213.14-alt1ALT-PU-2023-7173-1-Fixed
postgresql13p1013.13-alt0.p10.113.14-alt0.p10.1ALT-PU-2023-7088-4333972Fixed
postgresql13p10_e2k13.13-alt0.p10.113.14-alt0.p10.1ALT-PU-2023-7589-1-Fixed
postgresql13c10f113.13-alt0.p10.113.14-alt0.p10.1ALT-PU-2023-8224-2336885Fixed
postgresql14sisyphus14.10-alt114.11-alt1ALT-PU-2023-7062-1333881Fixed
postgresql14sisyphus_e2k14.10-alt114.11-alt1ALT-PU-2023-7148-1-Fixed
postgresql14sisyphus_riscv6414.10-alt214.11-alt1ALT-PU-2023-7174-1-Fixed
postgresql14p1014.10-alt0.p10.114.11-alt0.p10.1ALT-PU-2023-7089-4333972Fixed
postgresql14p10_e2k14.10-alt0.p10.114.11-alt0.p10.1ALT-PU-2023-7590-1-Fixed
postgresql14c10f114.10-alt0.p10.114.11-alt0.p10.1ALT-PU-2023-8225-2336885Fixed
postgresql15sisyphus15.5-alt115.6-alt1ALT-PU-2023-7060-1333881Fixed
postgresql15sisyphus_e2k15.5-alt115.6-alt1ALT-PU-2023-7149-1-Fixed
postgresql15sisyphus_riscv6415.5-alt115.6-alt1ALT-PU-2023-7763-1-Fixed
postgresql15p1015.5-alt0.p10.115.6-alt0.p10.1ALT-PU-2023-7090-4333972Fixed
postgresql15p10_e2k15.5-alt0.p10.115.6-alt0.p10.1ALT-PU-2023-7591-1-Fixed
postgresql15c10f115.5-alt0.c10.115.6-alt0.c10.1ALT-PU-2023-8222-2336885Fixed
postgresql15-1Csisyphus15.5-alt115.5-alt4ALT-PU-2023-7058-1333881Fixed
postgresql15-1Csisyphus_e2k15.5-alt115.5-alt4ALT-PU-2023-7150-1-Fixed
postgresql15-1Csisyphus_riscv6415.5-alt215.5-alt4ALT-PU-2023-7167-1-Fixed
postgresql15-1Cp1015.5-alt0.p10.215.5-alt0.p10.3ALT-PU-2023-7207-2333972Fixed
postgresql15-1Cp10_e2k15.5-alt0.p10.215.5-alt0.p10.3ALT-PU-2023-7592-1-Fixed
postgresql15-1Cc10f115.5-alt0.p10.215.5-alt0.p10.3ALT-PU-2023-8226-2336885Fixed
postgresql16sisyphus16.1-alt116.2-alt1ALT-PU-2023-7061-1333881Fixed
postgresql16sisyphus_e2k16.1-alt216.2-alt1ALT-PU-2023-7145-1-Fixed
postgresql16sisyphus_riscv6416.1-alt216.2-alt1ALT-PU-2023-7196-1-Fixed
postgresql16p1016.1-alt116.2-alt0.p10.1ALT-PU-2023-7061-1333881Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
RHSA-2023:7545
  • Third Party Advisory
RHSA-2023:7579
  • Third Party Advisory
RHSA-2023:7580
  • Third Party Advisory
RHSA-2023:7581
  • Third Party Advisory
RHSA-2023:7616
  • Third Party Advisory
RHSA-2023:7656
  • Third Party Advisory
RHSA-2023:7666
  • Third Party Advisory
RHSA-2023:7667
  • Third Party Advisory
RHSA-2023:7694
  • Third Party Advisory
RHSA-2023:7695
  • Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-5868
  • Third Party Advisory
RHBZ#2247168
  • Issue Tracking
https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
  • Release Notes
https://www.postgresql.org/support/security/CVE-2023-5868/
  • Mitigation
  • Vendor Advisory
RHSA-2023:7714
  • Third Party Advisory
RHSA-2023:7770
  • Third Party Advisory
RHSA-2023:7772
  • Third Party Advisory
RHSA-2023:7784
    RHSA-2023:7785
      RHSA-2023:7883
        RHSA-2023:7884
          RHSA-2023:7885
            RHSA-2024:0304
              https://security.netapp.com/advisory/ntap-20240119-0003/
                RHSA-2024:0332
                  RHSA-2024:0337

                      1. Configuration 1

                        cpe:2.3:a:postgresql:postgresql:16.0:*:*:*:*:*:*:*
                        cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
                        Start including
                        15.0
                        End excliding
                        15.5
                        cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
                        Start including
                        14.0
                        End excliding
                        14.10
                        cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
                        Start including
                        13.0
                        End excliding
                        13.13
                        cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
                        Start including
                        12.0
                        End excliding
                        12.17
                        cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
                        Start including
                        11.0
                        End excliding
                        11.22

                        Configuration 2

                        cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
                        cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
                        cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
                        cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
                        cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
                        cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
                        cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
                        cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
                        cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
                        cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
                        cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*
                        cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
                        cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
                        cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
                        cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*
                        cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
                        cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*
                        cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
                        cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
                        cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*
                        cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
                        cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
                        cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
                        cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
                        cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
                        cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
                        cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*
                        cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*
                        cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*
                        cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*
                        cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*
                        cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.0_aarch64:*:*:*:*:*:*:*
                        cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*
                        cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:*:*:*:*:*:*:*
                        cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*
                        cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:*
                    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                    Version: v24.5.0
                    Back to top