Postgresql: memory disclosure in aggregate function calls
CVE-2023-5868

4.3MEDIUM

Key Information:

Vendor

Red Hat
Status
Red Hat Advanced Cluster Security 4.2
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 8.2 Advanced Update Support
Red Hat Enterprise Linux 8.2 Telecommunications Update Service
Vendor
CVE Published:
10 December 2023

What is CVE-2023-5868?

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Red Hat Advanced Cluster Security 4.2 4.2.4-6

Red Hat Advanced Cluster Security 4.2 4.2.4-6

Red Hat Advanced Cluster Security 4.2 4.2.4-7

References

https://access.redhat.com/errata/RHSA-2023:7545
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:7579
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2023:7580
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Upstream acknowledges Jingzhou Fu as the original reporter.
JSON
.