CVE-2023-5868

Severity: MEDIUM · EPSS: 84.5% (percentile)
Published Dec 10, 2023 (2y ago) · Modified Jun 23, 2026 (1w ago)
CVSS 3.1 base score: 4.3 (Medium)

Description

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.

CVSS Details

Base Score
4.3
Exploitability
2.8
Impact
1.4
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector Network
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality Low
Integrity None
Availability None

Threat Intelligence

EPSS Exploit Probability
84.5% (percentile)
Exploit & Patch Status
No Known Exploit
No Patch Available

Weaknesses 1

CWE-686 (Function Call With Incorrect Argument Type)

Affected Products 42

Vendor | Product | Version | Range
postgresql | postgresql | * | ≥11.0 – <11.22
postgresql | postgresql | * | ≥12.0 – <12.17
postgresql | postgresql | * | ≥13.0 – <13.13
postgresql | postgresql | * | ≥14.0 – <14.10
postgresql | postgresql | * | ≥15.0 – <15.5
postgresql | postgresql | 16.0 | any
redhat | codeready_linux_builder_eus | 9.2 | any
redhat | codeready_linux_builder_eus_for_power_little_endian_eus | 9.0_ppc64le | any
redhat | codeready_linux_builder_eus_for_power_little_endian_eus | 9.2_ppc64le | any
redhat | codeready_linux_builder_for_arm64_eus | 8.6_aarch64 | any
redhat | codeready_linux_builder_for_arm64_eus | 9.0_aarch64 | any
redhat | codeready_linux_builder_for_arm64_eus | 9.2_aarch64 | any
redhat | codeready_linux_builder_for_ibm_z_systems_eus | 9.0_s390x | any
redhat | codeready_linux_builder_for_ibm_z_systems_eus | 9.2_s390x | any
redhat | codeready_linux_builder_for_power_little_endian_eus | 9.0_ppc64le | any
redhat | codeready_linux_builder_for_power_little_endian_eus | 9.2_ppc64le | any
redhat | software_collections | 1.0 | any
redhat | enterprise_linux | 8.0 | any
redhat | enterprise_linux | 9.0 | any
redhat | enterprise_linux_eus | 8.6 | any
redhat | enterprise_linux_eus | 8.8 | any
redhat | enterprise_linux_eus | 9.0 | any
redhat | enterprise_linux_eus | 9.2 | any
redhat | enterprise_linux_for_arm_64 | 8.0 | any
redhat | enterprise_linux_for_arm_64 | 8.8_aarch64 | any
redhat | enterprise_linux_for_ibm_z_systems | 8.0_s390x | any
redhat | enterprise_linux_for_ibm_z_systems_eus | 8.6_s390x | any
redhat | enterprise_linux_for_ibm_z_systems_eus | 8.8_s390x | any
redhat | enterprise_linux_for_ibm_z_systems_eus | 9.0_s390x | any
redhat | enterprise_linux_for_ibm_z_systems_eus | 9.2_s390x | any
redhat | enterprise_linux_for_power_little_endian | 8.0_ppc64le | any
redhat | enterprise_linux_for_power_little_endian_eus | 8.6_ppc64le | any
redhat | enterprise_linux_for_power_little_endian_eus | 8.8_ppc64le | any
redhat | enterprise_linux_for_power_little_endian_eus | 9.0_ppc64le | any
redhat | enterprise_linux_for_power_little_endian_eus | 9.2_ppc64le | any
redhat | enterprise_linux_server_aus | 8.2 | any
redhat | enterprise_linux_server_aus | 8.4 | any
redhat | enterprise_linux_server_aus | 8.6 | any
redhat | enterprise_linux_server_aus | 9.2 | any
redhat | enterprise_linux_server_tus | 8.2 | any
redhat | enterprise_linux_server_tus | 8.4 | any
redhat | enterprise_linux_server_tus | 8.6 | any

References 27

Remediation

No remediation data recorded yet

Check vendor advisories and the NVD entry for patch availability.