CVE-2023-5868

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-5868

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-5868.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-5868

Aliases

BIT-postgresql-2023-5868

Downstream

ALPINE-CVE-2023-5868

BELL-CVE-2023-5868

DEBIAN-CVE-2023-5868

DLA-3651-1

DSA-5553-1

DSA-5554-1

OESA-2024-2428

OESA-2025-1335

RHSA-2023:7545

RHSA-2023:7579

RHSA-2023:7580

RHSA-2023:7581

RHSA-2023:7616

RHSA-2023:7656

RHSA-2023:7666

RHSA-2023:7667

RHSA-2023:7694

RHSA-2023:7695

RHSA-2023:7714

RHSA-2023:7770

RHSA-2023:7772

RHSA-2023:7784

RHSA-2023:7785

RHSA-2023:7883

RHSA-2023:7884

RHSA-2023:7885

RLSA-2023:7785

SUSE-SU-2023:4418-1

SUSE-SU-2023:4425-1

SUSE-SU-2023:4433-1

SUSE-SU-2023:4434-1

SUSE-SU-2023:4454-1

SUSE-SU-2023:4455-1

SUSE-SU-2023:4479-1

SUSE-SU-2023:4495-1

SUSE-SU-2024:0106-1

UBUNTU-CVE-2023-5868

USN-6538-1

USN-6538-2

openSUSE-SU-2024:13408-1

openSUSE-SU-2024:13409-1

openSUSE-SU-2024:13410-1

openSUSE-SU-2024:13413-1

openSUSE-SU-2024:13414-1

openSUSE-SU-2024:13668-1

Related

Published

2023-12-10T18:15:07Z

Modified

2025-05-30T18:01:23Z

Severity

4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.

References

Affected packages