CVE: CVE-2023-5869

Descrizione: A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server’s memory.

Vettore di attacco CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Riferimenti esterni

• https://access.redhat.com/errata/RHSA-2023:7545
• https://access.redhat.com/errata/RHSA-2023:7579
• https://access.redhat.com/errata/RHSA-2023:7580
• https://access.redhat.com/errata/RHSA-2023:7581
• https://access.redhat.com/errata/RHSA-2023:7616
• https://access.redhat.com/errata/RHSA-2023:7656
• https://access.redhat.com/errata/RHSA-2023:7666
• https://access.redhat.com/errata/RHSA-2023:7667
• https://access.redhat.com/errata/RHSA-2023:7694
• https://access.redhat.com/errata/RHSA-2023:7695
• https://access.redhat.com/errata/RHSA-2023:7714
• https://access.redhat.com/errata/RHSA-2023:7770
• https://access.redhat.com/errata/RHSA-2023:7771
• https://access.redhat.com/errata/RHSA-2023:7772
• https://access.redhat.com/errata/RHSA-2023:7778
• https://access.redhat.com/errata/RHSA-2023:7783
• https://access.redhat.com/errata/RHSA-2023:7784
• https://access.redhat.com/errata/RHSA-2023:7785
• https://access.redhat.com/errata/RHSA-2023:7786
• https://access.redhat.com/errata/RHSA-2023:7788
• https://access.redhat.com/errata/RHSA-2023:7789
• https://access.redhat.com/errata/RHSA-2023:7790
• https://access.redhat.com/errata/RHSA-2023:7878
• https://access.redhat.com/errata/RHSA-2023:7883
• https://access.redhat.com/errata/RHSA-2023:7884
• https://access.redhat.com/errata/RHSA-2023:7885
• https://access.redhat.com/errata/RHSA-2024:0304
• https://access.redhat.com/errata/RHSA-2024:0332
• https://access.redhat.com/errata/RHSA-2024:0337
• https://access.redhat.com/security/cve/CVE-2023-5869
• https://bugzilla.redhat.com/show_bug.cgi?id=2247169
• https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
• https://www.postgresql.org/support/security/CVE-2023-5869/

Prodotti interessati

• Red Hat – Red Hat Advanced Cluster Security 4.2
• Red Hat – Red Hat Advanced Cluster Security 4.2
• Red Hat – Red Hat Advanced Cluster Security 4.2
• Red Hat – Red Hat Advanced Cluster Security 4.2
• Red Hat – Red Hat Advanced Cluster Security 4.2
• Red Hat – Red Hat Enterprise Linux 7
• Red Hat – Red Hat Enterprise Linux 8
• Red Hat – Red Hat Enterprise Linux 8
• Red Hat – Red Hat Enterprise Linux 8
• Red Hat – Red Hat Enterprise Linux 8
• Red Hat – Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions
• Red Hat – Red Hat Enterprise Linux 8.2 Advanced Update Support
• Red Hat – Red Hat Enterprise Linux 8.2 Advanced Update Support
• Red Hat – Red Hat Enterprise Linux 8.2 Telecommunications Update Service
• Red Hat – Red Hat Enterprise Linux 8.2 Telecommunications Update Service
• Red Hat – Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
• Red Hat – Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
• Red Hat – Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
• Red Hat – Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
• Red Hat – Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
• Red Hat – Red Hat Enterprise Linux 8.4 Telecommunications Update Service
• Red Hat – Red Hat Enterprise Linux 8.4 Telecommunications Update Service
• Red Hat – Red Hat Enterprise Linux 8.4 Telecommunications Update Service
• Red Hat – Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
• Red Hat – Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
• Red Hat – Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
• Red Hat – Red Hat Enterprise Linux 8.6 Extended Update Support
• Red Hat – Red Hat Enterprise Linux 8.6 Extended Update Support
• Red Hat – Red Hat Enterprise Linux 8.6 Extended Update Support
• Red Hat – Red Hat Enterprise Linux 8.8 Extended Update Support
• Red Hat – Red Hat Enterprise Linux 8.8 Extended Update Support
• Red Hat – Red Hat Enterprise Linux 8.8 Extended Update Support
• Red Hat – Red Hat Enterprise Linux 8.8 Extended Update Support
• Red Hat – Red Hat Enterprise Linux 9
• Red Hat – Red Hat Enterprise Linux 9
• Red Hat – Red Hat Enterprise Linux 9.0 Extended Update Support
• Red Hat – Red Hat Enterprise Linux 9.2 Extended Update Support
• Red Hat – Red Hat Enterprise Linux 9.2 Extended Update Support
• Red Hat – Red Hat Software Collections for Red Hat Enterprise Linux 7
• Red Hat – Red Hat Software Collections for Red Hat Enterprise Linux 7
• Red Hat – Red Hat Software Collections for Red Hat Enterprise Linux 7
• Red Hat – RHACS-3.74-RHEL-8
• Red Hat – RHACS-3.74-RHEL-8
• Red Hat – RHACS-3.74-RHEL-8
• Red Hat – RHACS-3.74-RHEL-8
• Red Hat – RHACS-3.74-RHEL-8
• Red Hat – RHACS-4.1-RHEL-8
• Red Hat – RHACS-4.1-RHEL-8
• Red Hat – RHACS-4.1-RHEL-8
• Red Hat – RHACS-4.1-RHEL-8
• Red Hat – RHACS-4.1-RHEL-8
• Red Hat – Red Hat Enterprise Linux 6
• Red Hat – Red Hat Enterprise Linux 8
• Red Hat – Red Hat Enterprise Linux 9

Relazioni con altri prodotti

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 7
Anno: 2023
CWE: CWE-190
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 8
Anno: 2023
CWE: CWE-190
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 9
Anno: 2023
CWE: CWE-190
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 6
Anno: 2023
CWE: CWE-190
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 8.6 Extended Update Support
Anno: 2023
CWE: CWE-190
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 8.8 Extended Update Support
Anno: 2023
CWE: CWE-190
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 9.2 Extended Update Support
Anno: 2023
CWE: CWE-190
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Advanced Cluster Security 4.2
Anno: 2023
CWE: CWE-190
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 8.2 Advanced Update Support
Anno: 2023
CWE: CWE-190
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 8.2 Telecommunications Update Service
Anno: 2023
CWE: CWE-190
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
Anno: 2023
CWE: CWE-190
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
Anno: 2023
CWE: CWE-190
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 8.4 Telecommunications Update Service
Anno: 2023
CWE: CWE-190
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
Anno: 2023
CWE: CWE-190
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 9.0 Extended Update Support
Anno: 2023
CWE: CWE-190
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Software Collections for Red Hat Enterprise Linux 7
Anno: 2023
CWE: CWE-190
CVSS: 0.0

Produttore:Red Hat
Prodotto: RHACS-3.74-RHEL-8
Anno: 2023
CWE: CWE-190
CVSS: 0.0

Produttore:Red Hat
Prodotto: RHACS-4.1-RHEL-8
Anno: 2023
CWE: CWE-190
CVSS: 0.0

Produttore:Red Hat
Prodotto: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions
Anno: 2023
CWE: CWE-190
CVSS: 0.0

Ulteriori risorse disponibili

• Vulnerabilità scoperte nello stesso anno (2023)