CVE-2023-5869
- Source
- https://cve.org/CVERecord?id=CVE-2023-5869
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5869.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-5869
- Aliases
- Downstream
- Related
- Published
- 2023-12-10T18:15:07.410Z
- Modified
- 2026-02-13T15:59:31.264351Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.
- References
-
- https://lists.debian.org/debian-lts-announce/2023/11/msg00007.html
- https://access.redhat.com/errata/RHSA-2023:7545
- https://access.redhat.com/errata/RHSA-2023:7579
- https://access.redhat.com/errata/RHSA-2023:7580
- https://access.redhat.com/errata/RHSA-2023:7581
- https://access.redhat.com/errata/RHSA-2023:7616
- https://access.redhat.com/errata/RHSA-2023:7656
- https://access.redhat.com/errata/RHSA-2023:7666
- https://access.redhat.com/errata/RHSA-2023:7667
- https://access.redhat.com/errata/RHSA-2023:7694
- https://access.redhat.com/errata/RHSA-2023:7695
- https://access.redhat.com/errata/RHSA-2023:7714
- https://access.redhat.com/errata/RHSA-2023:7770
- https://access.redhat.com/errata/RHSA-2023:7771
- https://access.redhat.com/errata/RHSA-2023:7772
- https://access.redhat.com/errata/RHSA-2023:7778
- https://access.redhat.com/errata/RHSA-2023:7783
- https://access.redhat.com/errata/RHSA-2023:7784
- https://access.redhat.com/errata/RHSA-2023:7785
- https://access.redhat.com/errata/RHSA-2023:7786
- https://access.redhat.com/errata/RHSA-2023:7788
- https://access.redhat.com/errata/RHSA-2023:7789
- https://access.redhat.com/errata/RHSA-2023:7790
- https://access.redhat.com/errata/RHSA-2023:7878
- https://access.redhat.com/errata/RHSA-2023:7883
- https://access.redhat.com/errata/RHSA-2023:7884
- https://access.redhat.com/errata/RHSA-2023:7885
- https://access.redhat.com/errata/RHSA-2024:0304
- https://access.redhat.com/errata/RHSA-2024:0332
- https://access.redhat.com/errata/RHSA-2024:0337
- https://access.redhat.com/security/cve/CVE-2023-5869
- https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
- https://www.postgresql.org/support/security/CVE-2023-5869/
- https://security.netapp.com/advisory/ntap-20240119-0003/
- https://bugzilla.redhat.com/show_bug.cgi?id=2247169
Affected packages
Git / git.postgresql.org/git/postgresql.git
Affected ranges
- Type
- GIT
- Repo
- https://git.postgresql.org/git/postgresql.git
- Events
-
Introduced19f20081df059fef87e14c8e953669bd173dd7f1Fixedfd851f9e4a13d81cccc4ac5d6059d732c7518111Introduced29be9983a64c011eac0b9ee29895cce71e15ea77Fixed319310aa121285b1c7c036cb956a11bcc9d1bcb2Introduced2a7ce2e2ce474504a707ec03e128fde66cfb8b48Fixed1e7f81e90741795d547c0290b4a82d84d518faacIntroduced86a4dc1e6f29d1992a2afa3fac1a0b0a6e84568cFixed33d5cf65f8c97d6bf085dffecb51c6a52d1f3f0dIntroducedad1f2885b8c82e0c2d56d7974f012cbecce17a17Fixed2fe2d1af14fd2fb5afeee94b94c4d8a34a829e32
Affected versions
Other
REL_11_0
REL_11_1
REL_11_10
REL_11_11
REL_11_12
REL_11_13
REL_11_14
REL_11_15
REL_11_16
REL_11_17
REL_11_18
REL_11_19
REL_11_2
REL_11_20
REL_11_21
REL_11_3
REL_11_4
REL_11_5
REL_11_6
REL_11_7
REL_11_8
REL_11_9
REL_12_0
REL_12_1
REL_12_10
REL_12_11
REL_12_12
REL_12_13
REL_12_14
REL_12_15
REL_12_16
REL_12_2
REL_12_3
REL_12_4
REL_12_5
REL_12_6
REL_12_7
REL_12_8
REL_12_9
REL_13_0
REL_13_1
REL_13_10
REL_13_11
REL_13_12
REL_13_2
REL_13_3
REL_13_4
REL_13_5
REL_13_6
REL_13_7
REL_13_8
REL_13_9
REL_14_0
REL_14_1
REL_14_2
REL_14_3
REL_14_4
REL_14_5
REL_14_6
REL_14_7
REL_14_8
REL_14_9
REL_15_0
REL_15_1
REL_15_2
REL_15_3
REL_15_4