Vulnerability CVE-2023-5869


Published: 2023-12-10   Modified: 2023-12-14

Description:
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code because overflow checks are missing during SQL array value modification. A remote user can trigger the resulting integer overflow by providing specially crafted data. This allows the user to write arbitrary bytes to memory and to read the server's memory extensively, which enables the execution of arbitrary code on the target system.

Type:
CWE-190 (Integer Overflow or Wraparound)

Affected software
Redhat -> Codeready linux builder eus 
Redhat -> Enterprise linux for power little endian 
Redhat -> Enterprise linux desktop 
Redhat -> Enterprise linux for ibm z systems eus 
Redhat -> Enterprise linux workstation 
Redhat -> Enterprise linux for ibm z systems 
Redhat -> Enterprise linux for scientific computing 
Redhat -> Codeready linux builder for power little endian eus 
Redhat -> Enterprise linux server 
Redhat -> Enterprise linux for power big endian 
Redhat -> Software collections 
Redhat -> Enterprise linux 
Redhat -> Enterprise linux server tus 
Redhat -> Enterprise linux server aus 
Redhat -> Enterprise linux eus 
Redhat -> Enterprise linux for arm 64 
Redhat -> Enterprise linux for power little endian eus 
Redhat -> Codeready linux builder for arm64 eus 
Redhat -> Codeready linux builder for ibm z systems eus 
Redhat -> Codeready linux builder eus for power little endian eus 
Postgresql -> Postgresql 

References:
https://access.redhat.com/errata/RHSA-2023:7545
https://access.redhat.com/errata/RHSA-2023:7579
https://access.redhat.com/errata/RHSA-2023:7580
https://access.redhat.com/errata/RHSA-2023:7581
https://access.redhat.com/errata/RHSA-2023:7616
https://access.redhat.com/errata/RHSA-2023:7656
https://access.redhat.com/errata/RHSA-2023:7666
https://access.redhat.com/errata/RHSA-2023:7667
https://access.redhat.com/errata/RHSA-2023:7694
https://access.redhat.com/errata/RHSA-2023:7695
https://access.redhat.com/security/cve/CVE-2023-5869
https://bugzilla.redhat.com/show_bug.cgi?id=2247169
https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
https://www.postgresql.org/support/security/CVE-2023-5869/
https://access.redhat.com/errata/RHSA-2023:7714
https://access.redhat.com/errata/RHSA-2023:7770
https://access.redhat.com/errata/RHSA-2023:7771
https://access.redhat.com/errata/RHSA-2023:7772
https://access.redhat.com/errata/RHSA-2023:7778
https://access.redhat.com/errata/RHSA-2023:7783
https://access.redhat.com/errata/RHSA-2023:7784
https://access.redhat.com/errata/RHSA-2023:7785
https://access.redhat.com/errata/RHSA-2023:7786
https://access.redhat.com/errata/RHSA-2023:7788
https://access.redhat.com/errata/RHSA-2023:7789
https://access.redhat.com/errata/RHSA-2023:7790

Copyright 2024, cxsecurity.com
