Vulnerability Description
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Postgresql | Postgresql | >= 11.0, < 11.22 |
| Redhat | Codeready Linux Builder Eus | 9.2 |
| Redhat | Codeready Linux Builder Eus For Power Little Endian Eus | 9.0_ppc64le |
| Redhat | Codeready Linux Builder For Arm64 Eus | 8.6_aarch64 |
| Redhat | Codeready Linux Builder For Ibm Z Systems Eus | 9.0_s390x |
| Redhat | Codeready Linux Builder For Power Little Endian Eus | 9.0_ppc64le |
| Redhat | Software Collections | 1.0 |
| Redhat | Enterprise Linux | 8.0 |
| Redhat | Enterprise Linux Eus | 8.6 |
| Redhat | Enterprise Linux For Arm 64 | 8.0 |
| Redhat | Enterprise Linux For Ibm Z Systems | 8.0_s390x |
| Redhat | Enterprise Linux For Ibm Z Systems Eus | 8.6_s390x |
| Redhat | Enterprise Linux For Power Little Endian | 8.0_ppc64le |
| Redhat | Enterprise Linux For Power Little Endian Eus | 8.6_ppc64le |
| Redhat | Enterprise Linux Server Aus | 8.2 |
| Redhat | Enterprise Linux Server Tus | 8.2 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2023:7545Third Party Advisory
- https://access.redhat.com/errata/RHSA-2023:7579Third Party Advisory
- https://access.redhat.com/errata/RHSA-2023:7580Third Party Advisory
- https://access.redhat.com/errata/RHSA-2023:7581Third Party Advisory
- https://access.redhat.com/errata/RHSA-2023:7616Third Party Advisory
- https://access.redhat.com/errata/RHSA-2023:7656Third Party Advisory
- https://access.redhat.com/errata/RHSA-2023:7666Third Party Advisory
- https://access.redhat.com/errata/RHSA-2023:7667Third Party Advisory
- https://access.redhat.com/errata/RHSA-2023:7694Third Party Advisory
- https://access.redhat.com/errata/RHSA-2023:7695Third Party Advisory
- https://access.redhat.com/errata/RHSA-2023:7714Third Party Advisory
- https://access.redhat.com/errata/RHSA-2023:7770Third Party Advisory
- https://access.redhat.com/errata/RHSA-2023:7772Third Party Advisory
- https://access.redhat.com/errata/RHSA-2023:7784
- https://access.redhat.com/errata/RHSA-2023:7785
FAQ
What is CVE-2023-5868?
CVE-2023-5868 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handlin...
How severe is CVE-2023-5868?
CVE-2023-5868 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-5868?
Check the references section above for vendor advisories and patch information. Affected products include: Postgresql Postgresql, Redhat Codeready Linux Builder Eus, Redhat Codeready Linux Builder Eus For Power Little Endian Eus, Redhat Codeready Linux Builder For Arm64 Eus, Redhat Codeready Linux Builder For Ibm Z Systems Eus.