DEBIAN-CVE-2023-5868

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2023-5868

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-5868.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-5868

Upstream

CVE-2023-5868

Published

2023-12-10T18:15:07Z

Modified

2025-09-19T07:34:55.834028Z

Summary

[none]

Details

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.

References

https://security-tracker.debian.org/tracker/CVE-2023-5868

Affected packages

Debian:11 / postgresql-13

Package

Name: postgresql-13
Purl: pkg:deb/debian/postgresql-13?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

13.13-0+deb11u1

Affected versions

13.*

13.3-1

13.4-0+deb11u1

13.4-1

13.4-2

13.4-3

13.5-0+deb11u1

13.7-0+deb11u1

13.8-0+deb11u1

13.9-0+deb11u1

13.10-0+deb11u1

13.11-0+deb11u1

13.12-0+deb11u1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / postgresql-15

Package

Name: postgresql-15
Purl: pkg:deb/debian/postgresql-15?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

15.5-0+deb12u1

Affected versions

15.*

15.3-0+deb12u1

15.3-1

15.4-0+deb12u1

15.4-1

15.4-2

15.4-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}