CVE-2023-5868

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.
References
Link Resource
https://access.redhat.com/errata/RHSA-2023:7545 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7579 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7580 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7581 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7616 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7656 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7666 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7667 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7694 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7695 Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-5868 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2247168 Issue Tracking
https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/ Release Notes
https://www.postgresql.org/support/security/CVE-2023-5868/ Mitigation, Vendor Advisory
https://access.redhat.com/errata/RHSA-2023:7714 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7770 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7772 Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7784
https://access.redhat.com/errata/RHSA-2023:7785
https://access.redhat.com/errata/RHSA-2023:7883
https://access.redhat.com/errata/RHSA-2023:7884
https://access.redhat.com/errata/RHSA-2023:7885
https://access.redhat.com/errata/RHSA-2024:0304
https://access.redhat.com/errata/RHSA-2024:0332
https://access.redhat.com/errata/RHSA-2024:0337
Configurations

Configuration 1

OR cpe:2.3:a:postgresql:postgresql:16.0:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*

Configuration 2

OR cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:*

History

14 Sep 2024, 00:15

Type Values Removed Values Added
References
  • https://security.netapp.com/advisory/ntap-20240119-0003/

25 Jan 2024, 09:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0337 -

22 Jan 2024, 21:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0332 -

19 Jan 2024, 16:15

Type Values Removed Values Added
References
  • () https://security.netapp.com/advisory/ntap-20240119-0003/ -

19 Jan 2024, 03:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2024:0304 -

20 Dec 2023, 15:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2023:7884 -
  • () https://access.redhat.com/errata/RHSA-2023:7883 -
  • () https://access.redhat.com/errata/RHSA-2023:7885 -

13 Dec 2023, 22:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2023:7784 -
  • () https://access.redhat.com/errata/RHSA-2023:7785 -

13 Dec 2023, 19:56

Type Values Removed Values Added
References () https://access.redhat.com/errata/RHSA-2023:7580 - () https://access.redhat.com/errata/RHSA-2023:7580 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7656 - () https://access.redhat.com/errata/RHSA-2023:7656 - Third Party Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=2247168 - () https://bugzilla.redhat.com/show_bug.cgi?id=2247168 - Issue Tracking
References () https://access.redhat.com/errata/RHSA-2023:7714 - () https://access.redhat.com/errata/RHSA-2023:7714 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7579 - () https://access.redhat.com/errata/RHSA-2023:7579 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7666 - () https://access.redhat.com/errata/RHSA-2023:7666 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7694 - () https://access.redhat.com/errata/RHSA-2023:7694 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7545 - () https://access.redhat.com/errata/RHSA-2023:7545 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7667 - () https://access.redhat.com/errata/RHSA-2023:7667 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7616 - () https://access.redhat.com/errata/RHSA-2023:7616 - Third Party Advisory
References () https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/ - () https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/ - Release Notes
References () https://www.postgresql.org/support/security/CVE-2023-5868/ - () https://www.postgresql.org/support/security/CVE-2023-5868/ - Mitigation, Vendor Advisory
References () https://access.redhat.com/errata/RHSA-2023:7695 - () https://access.redhat.com/errata/RHSA-2023:7695 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7770 - () https://access.redhat.com/errata/RHSA-2023:7770 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7772 - () https://access.redhat.com/errata/RHSA-2023:7772 - Third Party Advisory
References () https://access.redhat.com/security/cve/CVE-2023-5868 - () https://access.redhat.com/security/cve/CVE-2023-5868 - Third Party Advisory
References () https://access.redhat.com/errata/RHSA-2023:7581 - () https://access.redhat.com/errata/RHSA-2023:7581 - Third Party Advisory
CWE NVD-CWE-noinfo
CPE cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:16.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.0_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:*:*:*:*:*:*:*
cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
CVSS (removed) v2 : unknown, v3 : unknown; (added) v2 : unknown, v3 : 4.3
First Time Redhat codeready Linux Builder For Arm64 Eus
Redhat enterprise Linux For Power Little Endian Eus
Redhat enterprise Linux For Ibm Z Systems
Redhat codeready Linux Builder Eus For Power Little Endian Eus
Redhat
Redhat codeready Linux Builder Eus
Postgresql postgresql
Redhat codeready Linux Builder For Power Little Endian Eus
Redhat enterprise Linux Server Aus
Redhat enterprise Linux
Postgresql
Redhat enterprise Linux Eus
Redhat enterprise Linux For Power Little Endian
Redhat enterprise Linux Server Tus
Redhat enterprise Linux For Arm 64
Redhat codeready Linux Builder For Ibm Z Systems Eus
Redhat software Collections
Redhat enterprise Linux For Ibm Z Systems Eus

13 Dec 2023, 10:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2023:7772 -
  • () https://access.redhat.com/errata/RHSA-2023:7770 -

11 Dec 2023, 16:15

Type Values Removed Values Added
References
  • () https://access.redhat.com/errata/RHSA-2023:7714 -

10 Dec 2023, 18:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-10 18:15

Updated : 2024-09-14 00:15


NVD link : CVE-2023-5868

Mitre link : CVE-2023-5868



Products Affected

redhat

  • codeready_linux_builder_eus
  • enterprise_linux
  • enterprise_linux_server_tus
  • enterprise_linux_for_power_little_endian_eus
  • enterprise_linux_for_arm_64
  • codeready_linux_builder_eus_for_power_little_endian_eus
  • enterprise_linux_for_power_little_endian
  • codeready_linux_builder_for_arm64_eus
  • software_collections
  • enterprise_linux_eus
  • enterprise_linux_for_ibm_z_systems_eus
  • codeready_linux_builder_for_ibm_z_systems_eus
  • enterprise_linux_server_aus
  • enterprise_linux_for_ibm_z_systems
  • codeready_linux_builder_for_power_little_endian_eus

postgresql

  • postgresql