A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.
References
Link Providers
https://access.redhat.com/errata/RHSA-2023:7545 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7579 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7580 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7581 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7616 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7656 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7666 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7667 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7694 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7695 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7714 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7770 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7771 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7772 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7778 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7783 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7784 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7785 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7786 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7788 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7789 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7790 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7878 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7883 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7884 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2023:7885 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0304 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0332 cve-icon cve-icon
https://access.redhat.com/errata/RHSA-2024:0337 cve-icon cve-icon
https://access.redhat.com/security/cve/CVE-2023-5869 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=2247169 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2023-5869 cve-icon
https://security.netapp.com/advisory/ntap-20240119-0003/ cve-icon
https://www.cve.org/CVERecord?id=CVE-2023-5869 cve-icon
https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/ cve-icon cve-icon cve-icon
https://www.postgresql.org/support/security/CVE-2023-5869/ cve-icon cve-icon cve-icon
History

Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

Sat, 14 Sep 2024 00:45:00 +0000

Type Values Removed Values Added
References

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-12-10T17:56:57.131Z

Updated: 2024-11-15T15:11:34.563Z

Reserved: 2023-10-31T03:56:42.638Z

Link: CVE-2023-5869

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-12-10T18:15:07.410

Modified: 2024-11-21T08:42:40.427

Link: CVE-2023-5869

cve-icon Redhat

Severity : Important

Publid Date: 2023-11-09T00:00:00Z

Links: CVE-2023-5869 - Bugzilla