PostgreSQL Memory Disclosure via Unknown-Type Aggregate Calls
CVE-2023-5868 Published on December 10, 2023
PostgreSQL: memory disclosure in aggregate function calls
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.
Vulnerability Analysis
CVE-2023-5868 is exploitable with network access and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be a small impact on confidentiality and a small impact on integrity and availability.
Timeline
Reported to Red Hat.
Made public 9 days later.
Weakness Type
Function Call With Incorrect Argument Type
The software calls a function, procedure, or routine, but the caller specifies an argument that is the wrong data type, which may lead to resultant weaknesses. This weakness is most likely to occur in loosely typed languages, or in strongly typed languages in which the types of variable arguments cannot be enforced at compilation time, or where there is implicit casting.
Products Associated with CVE-2023-5868
Affected Versions
Red Hat Advanced Cluster Security 4.2:
- Version 4.2.4-6 and below * is unaffected.
- Version 4.2.4-6 and below * is unaffected.
- Version 4.2.4-7 and below * is unaffected.
- Version 4.2.4-6 and below * is unaffected.
- Version 4.2.4-7 and below * is unaffected.
- Version 8090020231114113712.a75119d5 and below * is unaffected.
- Version 8090020231128173330.a75119d5 and below * is unaffected.
- Version 8090020231114113548.a75119d5 and below * is unaffected.
- Version 8020020231128165246.4cda2c84 and below * is unaffected.
- Version 8020020231128165246.4cda2c84 and below * is unaffected.
- Version 8020020231128165246.4cda2c84 and below * is unaffected.
- Version 8040020231127153301.522a0ee4 and below * is unaffected.
- Version 8040020231127154806.522a0ee4 and below * is unaffected.
- Version 8040020231127153301.522a0ee4 and below * is unaffected.
- Version 8040020231127154806.522a0ee4 and below * is unaffected.
- Version 8040020231127153301.522a0ee4 and below * is unaffected.
- Version 8040020231127154806.522a0ee4 and below * is unaffected.
- Version 8060020231114115246.ad008a3a and below * is unaffected.
- Version 8060020231128165328.ad008a3a and below * is unaffected.
- Version 8080020231114105206.63b34585 and below * is unaffected.
- Version 8080020231128165335.63b34585 and below * is unaffected.
- Version 8080020231113134015.63b34585 and below * is unaffected.
- Version 0:13.13-1.el9_3 and below * is unaffected.
- Version 9030020231120082734.rhel9 and below * is unaffected.
- Version 0:13.13-1.el9_0 and below * is unaffected.
- Version 0:13.13-1.el9_2 and below * is unaffected.
- Version 9020020231115020618.rhel9 and below * is unaffected.
- Version 0:12.17-1.el7 and below * is unaffected.
- Version 0:13.13-1.el7 and below * is unaffected.
- Version 3.74.8-9 and below * is unaffected.
- Version 3.74.8-9 and below * is unaffected.
- Version 3.74.8-7 and below * is unaffected.
- Version 3.74.8-9 and below * is unaffected.
- Version 3.74.8-9 and below * is unaffected.
- Version 4.1.6-6 and below * is unaffected.
- Version 4.1.6-6 and below * is unaffected.
- Version 4.1.6-6 and below * is unaffected.
- Version 4.1.6-6 and below * is unaffected.
- Version 4.1.6-6 and below * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.