Informazioni sul CVE-2023-5868
Postgresql: memory disclosure in aggregate function calls
CWE ID: CWE-686
Base Score (CVSS): N/A
CVE: CVE-2023-5868
Descrizione: A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with ‘unknown’-type arguments. Handling ‘unknown’-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.
Vettore di attacco CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Punteggio CVSS
Il CVSS è un sistema di valutazione che misura la gravità di una vulnerabilità informatica considerando fattori come l’impatto potenziale, la probabilità di attacco e la facilità di esecuzione.
Riassunto: Accesso: Network, Privilegi: Low, Interazione utente: None, Confidenzialità: Low, Integrità: None, Disponibilità: None.
Dettaglio del Vettore
| Metrica | Valore | Significato | Descrizione |
|---|---|---|---|
| Attack Vector (AV) | N | Network | L’attacco può essere eseguito da remoto attraverso la rete. |
| Attack Complexity (AC) | L | Low | L’attacco non richiede condizioni particolari. |
| Privileges Required (PR) | L | Low | Richiede pochi privilegi. |
| User Interaction (UI) | N | None | Non è richiesta interazione dell’utente. |
| Scope (S) | U | Unchanged | Il raggio d’azione non cambia. |
| Confidentiality Impact (C) | L | Low | Impatto limitato. |
| Integrity Impact (I) | N | None | Nessun impatto sull’integrità. |
| Availability Impact (A) | N | None | Nessun impatto sulla disponibilità. |
Riferimenti esterni
- https://access.redhat.com/errata/RHSA-2023:7545
- https://access.redhat.com/errata/RHSA-2023:7579
- https://access.redhat.com/errata/RHSA-2023:7580
- https://access.redhat.com/errata/RHSA-2023:7581
- https://access.redhat.com/errata/RHSA-2023:7616
- https://access.redhat.com/errata/RHSA-2023:7656
- https://access.redhat.com/errata/RHSA-2023:7666
- https://access.redhat.com/errata/RHSA-2023:7667
- https://access.redhat.com/errata/RHSA-2023:7694
- https://access.redhat.com/errata/RHSA-2023:7695
- https://access.redhat.com/errata/RHSA-2023:7714
- https://access.redhat.com/errata/RHSA-2023:7770
- https://access.redhat.com/errata/RHSA-2023:7772
- https://access.redhat.com/errata/RHSA-2023:7784
- https://access.redhat.com/errata/RHSA-2023:7785
- https://access.redhat.com/errata/RHSA-2023:7883
- https://access.redhat.com/errata/RHSA-2023:7884
- https://access.redhat.com/errata/RHSA-2023:7885
- https://access.redhat.com/errata/RHSA-2024:0304
- https://access.redhat.com/errata/RHSA-2024:0332
- https://access.redhat.com/errata/RHSA-2024:0337
- https://access.redhat.com/security/cve/CVE-2023-5868
- https://bugzilla.redhat.com/show_bug.cgi?id=2247168
- https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
- https://www.postgresql.org/support/security/CVE-2023-5868/
Prodotti interessati
- Red Hat – Red Hat Advanced Cluster Security 4.2
- Red Hat – Red Hat Advanced Cluster Security 4.2
- Red Hat – Red Hat Advanced Cluster Security 4.2
- Red Hat – Red Hat Advanced Cluster Security 4.2
- Red Hat – Red Hat Advanced Cluster Security 4.2
- Red Hat – Red Hat Enterprise Linux 8
- Red Hat – Red Hat Enterprise Linux 8
- Red Hat – Red Hat Enterprise Linux 8
- Red Hat – Red Hat Enterprise Linux 8.2 Advanced Update Support
- Red Hat – Red Hat Enterprise Linux 8.2 Telecommunications Update Service
- Red Hat – Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
- Red Hat – Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
- Red Hat – Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
- Red Hat – Red Hat Enterprise Linux 8.4 Telecommunications Update Service
- Red Hat – Red Hat Enterprise Linux 8.4 Telecommunications Update Service
- Red Hat – Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
- Red Hat – Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
- Red Hat – Red Hat Enterprise Linux 8.6 Extended Update Support
- Red Hat – Red Hat Enterprise Linux 8.6 Extended Update Support
- Red Hat – Red Hat Enterprise Linux 8.8 Extended Update Support
- Red Hat – Red Hat Enterprise Linux 8.8 Extended Update Support
- Red Hat – Red Hat Enterprise Linux 8.8 Extended Update Support
- Red Hat – Red Hat Enterprise Linux 9
- Red Hat – Red Hat Enterprise Linux 9
- Red Hat – Red Hat Enterprise Linux 9.0 Extended Update Support
- Red Hat – Red Hat Enterprise Linux 9.2 Extended Update Support
- Red Hat – Red Hat Enterprise Linux 9.2 Extended Update Support
- Red Hat – Red Hat Software Collections for Red Hat Enterprise Linux 7
- Red Hat – Red Hat Software Collections for Red Hat Enterprise Linux 7
- Red Hat – RHACS-3.74-RHEL-8
- Red Hat – RHACS-3.74-RHEL-8
- Red Hat – RHACS-3.74-RHEL-8
- Red Hat – RHACS-3.74-RHEL-8
- Red Hat – RHACS-3.74-RHEL-8
- Red Hat – RHACS-4.1-RHEL-8
- Red Hat – RHACS-4.1-RHEL-8
- Red Hat – RHACS-4.1-RHEL-8
- Red Hat – RHACS-4.1-RHEL-8
- Red Hat – RHACS-4.1-RHEL-8
- Red Hat – Red Hat Enterprise Linux 6
- Red Hat – Red Hat Enterprise Linux 7
- Red Hat – Red Hat Enterprise Linux 8
- Red Hat – Red Hat Enterprise Linux 8
- Red Hat – Red Hat Enterprise Linux 9
- Red Hat – Red Hat Software Collections
Relazioni con altri prodotti
Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 7
Anno: 2023
CWE: CWE-686
CVSS: 0.0
Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 8
Anno: 2023
CWE: CWE-686
CVSS: 0.0
Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 9
Anno: 2023
CWE: CWE-686
CVSS: 0.0
Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 6
Anno: 2023
CWE: CWE-686
CVSS: 0.0
Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 8.6 Extended Update Support
Anno: 2023
CWE: CWE-686
CVSS: 0.0
Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 8.8 Extended Update Support
Anno: 2023
CWE: CWE-686
CVSS: 0.0
Produttore:Red Hat
Prodotto: Red Hat Software Collections
Anno: 2023
CWE: CWE-686
CVSS: 0.0
Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 9.2 Extended Update Support
Anno: 2023
CWE: CWE-686
CVSS: 0.0
Produttore:Red Hat
Prodotto: Red Hat Advanced Cluster Security 4.2
Anno: 2023
CWE: CWE-686
CVSS: 0.0
Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 8.2 Advanced Update Support
Anno: 2023
CWE: CWE-686
CVSS: 0.0
Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 8.2 Telecommunications Update Service
Anno: 2023
CWE: CWE-686
CVSS: 0.0
Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
Anno: 2023
CWE: CWE-686
CVSS: 0.0
Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Anno: 2023
CWE: CWE-686
CVSS: 0.0
Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 8.4 Telecommunications Update Service
Anno: 2023
CWE: CWE-686
CVSS: 0.0
Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
Anno: 2023
CWE: CWE-686
CVSS: 0.0
Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 9.0 Extended Update Support
Anno: 2023
CWE: CWE-686
CVSS: 0.0
Produttore:Red Hat
Prodotto: Red Hat Software Collections for Red Hat Enterprise Linux 7
Anno: 2023
CWE: CWE-686
CVSS: 0.0
Produttore:Red Hat
Prodotto: RHACS-3.74-RHEL-8
Anno: 2023
CWE: CWE-686
CVSS: 0.0
Produttore:Red Hat
Prodotto: RHACS-4.1-RHEL-8
Anno: 2023
CWE: CWE-686
CVSS: 0.0