CVE-2023-5868
- Source
- https://cve.org/CVERecord?id=CVE-2023-5868
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-5868.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-5868
- Aliases
- Downstream
- Related
- Published
- 2023-12-10T18:15:07.163Z
- Modified
- 2026-02-08T22:47:42.422381Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.
- References
-
- https://www.postgresql.org/support/security/CVE-2023-5868/
- https://lists.debian.org/debian-lts-announce/2023/11/msg00007.html
- https://access.redhat.com/errata/RHSA-2023:7545
- https://access.redhat.com/errata/RHSA-2023:7579
- https://access.redhat.com/errata/RHSA-2023:7580
- https://access.redhat.com/errata/RHSA-2023:7581
- https://access.redhat.com/errata/RHSA-2023:7616
- https://access.redhat.com/errata/RHSA-2023:7656
- https://access.redhat.com/errata/RHSA-2023:7666
- https://access.redhat.com/errata/RHSA-2023:7667
- https://access.redhat.com/errata/RHSA-2023:7694
- https://access.redhat.com/errata/RHSA-2023:7695
- https://access.redhat.com/errata/RHSA-2023:7714
- https://access.redhat.com/errata/RHSA-2023:7770
- https://access.redhat.com/errata/RHSA-2023:7772
- https://access.redhat.com/errata/RHSA-2023:7784
- https://access.redhat.com/errata/RHSA-2023:7785
- https://access.redhat.com/errata/RHSA-2023:7883
- https://access.redhat.com/errata/RHSA-2023:7884
- https://access.redhat.com/errata/RHSA-2023:7885
- https://access.redhat.com/errata/RHSA-2024:0304
- https://access.redhat.com/errata/RHSA-2024:0332
- https://access.redhat.com/errata/RHSA-2024:0337
- https://access.redhat.com/security/cve/CVE-2023-5868
- https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
- https://www.postgresql.org/support/security/CVE-2023-5868/
- https://security.netapp.com/advisory/ntap-20240119-0003/
- https://bugzilla.redhat.com/show_bug.cgi?id=2247168
Affected packages
Git / git.postgresql.org/git/postgresql.git
Affected ranges
- Type
- GIT
- Repo
- https://git.postgresql.org/git/postgresql.git
- Events
-
Introduced2a7ce2e2ce474504a707ec03e128fde66cfb8b48Fixed1e7f81e90741795d547c0290b4a82d84d518faacIntroducedad1f2885b8c82e0c2d56d7974f012cbecce17a17Fixed2fe2d1af14fd2fb5afeee94b94c4d8a34a829e32Introduced29be9983a64c011eac0b9ee29895cce71e15ea77Fixed319310aa121285b1c7c036cb956a11bcc9d1bcb2Introduced86a4dc1e6f29d1992a2afa3fac1a0b0a6e84568cFixed33d5cf65f8c97d6bf085dffecb51c6a52d1f3f0dIntroduced19f20081df059fef87e14c8e953669bd173dd7f1Fixedfd851f9e4a13d81cccc4ac5d6059d732c7518111
Affected versions
Other
REL_11_0
REL_11_1
REL_11_10
REL_11_11
REL_11_12
REL_11_13
REL_11_14
REL_11_15
REL_11_16
REL_11_17
REL_11_18
REL_11_19
REL_11_2
REL_11_20
REL_11_21
REL_11_3
REL_11_4
REL_11_5
REL_11_6
REL_11_7
REL_11_8
REL_11_9
REL_12_0
REL_12_1
REL_12_10
REL_12_11
REL_12_12
REL_12_13
REL_12_14
REL_12_15
REL_12_16
REL_12_2
REL_12_3
REL_12_4
REL_12_5
REL_12_6
REL_12_7
REL_12_8
REL_12_9
REL_13_0
REL_13_1
REL_13_10
REL_13_11
REL_13_12
REL_13_2
REL_13_3
REL_13_4
REL_13_5
REL_13_6
REL_13_7
REL_13_8
REL_13_9
REL_14_0
REL_14_1
REL_14_2
REL_14_3
REL_14_4
REL_14_5
REL_14_6
REL_14_7
REL_14_8
REL_14_9
REL_15_0
REL_15_1
REL_15_2
REL_15_3
REL_15_4