PostgreSQL Array Integer Overflow Allows Authenticated Code Exec
CVE-2023-5869 Published on December 10, 2023
Postgresql: buffer overrun from integer overflow in array modification
A flaw was found in PostgreSQL. While modifying certain SQL array values, missing overflow checks let an authenticated database user write arbitrary bytes to a memory area, which can be leveraged for arbitrary code execution on the database server; the same missing checks also let such a user read a wide area of server memory. The root cause is an integer overflow in the calculation that sizes the modified array, which a remote, authenticated user can trigger with specially crafted input. Upstream fixed the issue in PostgreSQL 16.1, 15.5, 14.10, 13.13, 12.17 and 11.22.
Vulnerability Analysis
CVE-2023-5869 is exploitable over the network by an attacker holding low privileges (any authenticated database account); no user interaction is required and the attack complexity is low. The impact is high: confidentiality, integrity and availability of the database server are all affected.
Timeline
Reported to Red Hat.
Made public 9 days later.
Weakness Type
Integer Overflow or Wraparound
The software performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control. An integer overflow or wraparound occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may wrap to become a very small or negative number. While this may be intended behavior in circumstances that rely on wrapping, it can have security consequences if the wrap is unexpected. This is especially the case if the integer overflow can be triggered using user-supplied inputs. This becomes security-critical when the result is used to control looping, make a security decision, or determine the offset or size in behaviors such as memory allocation, copying, concatenation, etc.
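As an added example, and not PostgreSQL's own code, the block below shows the CWE-190 pattern described above in the form that matters for the array bug: an element count computed as the product of the dimension sizes in a 32-bit integer with no overflow check, next to a checked version that refuses to produce a wrapped count. The helper names (naive_nitems, checked_nitems, checked_alloc_bytes, MAX_DIM) are hypothetical; the six-dimension cap and the INT_MAX element limit are assumptions chosen to resemble PostgreSQL's limits, not its source.

```c
#include <stdint.h>
#include <limits.h>
#include <stdio.h>

/* Assumption: at most 6 array dimensions, as in PostgreSQL's MAXDIM. */
#define MAX_DIM 6

/* Vulnerable pattern: multiply the dimension sizes in a 32-bit integer
 * with no overflow check. The wrapped count is later used to size an
 * allocation, so a huge logical array ends up with a tiny buffer.
 * The multiply is done on uint32_t so that the wraparound is well
 * defined in this example; on a signed int, as in real C code, it is
 * undefined behaviour and in practice wraps the same way. */
int naive_nitems(int ndim, const int *dims)
{
    uint32_t n = 1;
    for (int i = 0; i < ndim; i++)
        n *= (uint32_t)dims[i];
    return (int)n;
}

/* Hardened pattern: accumulate in 64 bits, reject negative dimensions and
 * any product that would exceed the 32-bit element limit. Returns -1 on
 * overflow or bad input. Since each dims[i] <= INT_MAX and n <= INT_MAX
 * before every multiply, the 64-bit product cannot itself overflow. */
int64_t checked_nitems(int ndim, const int *dims)
{
    if (ndim < 0 || ndim > MAX_DIM)
        return -1;
    int64_t n = 1;
    for (int i = 0; i < ndim; i++) {
        if (dims[i] < 0)
            return -1;
        n *= dims[i];
        if (n > INT_MAX)
            return -1;
    }
    return n;
}

/* Byte count a caller would request for nitems elements of elemsize bytes.
 * Returns -1 if the count is invalid or the byte total exceeds the
 * (assumed) INT_MAX allocation cap. nitems <= INT_MAX and elemsize <= INT_MAX
 * keep the 64-bit product in range. */
int64_t checked_alloc_bytes(int64_t nitems, int elemsize)
{
    if (nitems < 0 || elemsize <= 0)
        return -1;
    int64_t bytes = nitems * (int64_t)elemsize;
    if (bytes > INT_MAX)
        return -1;
    return bytes;
}

int main(void)
{
    /* Constructed inputs: one sane shape and two that wrap a 32-bit count. */
    const int small[2] = {3, 4};
    const int wrap_to_zero[2] = {65536, 65536}; /* 2^32 wraps to 0  */
    const int wrap_negative[2] = {INT_MAX, 2};  /* 2^32-2 wraps to -2 */

    printf("3x4          naive=%d checked=%lld\n",
           naive_nitems(2, small), (long long)checked_nitems(2, small));
    printf("65536x65536  naive=%d checked=%lld\n",
           naive_nitems(2, wrap_to_zero), (long long)checked_nitems(2, wrap_to_zero));
    printf("INT_MAXx2    naive=%d checked=%lld\n",
           naive_nitems(2, wrap_negative), (long long)checked_nitems(2, wrap_negative));
    printf("bytes for 12 x 4-byte elements: %lld\n",
           (long long)checked_alloc_bytes(checked_nitems(2, small), 4));
    return 0;
}
```

The naive count for a 65536 x 65536 array is 0, so an allocation sized from it holds nothing while the code that fills it still believes it has 2^32 slots; the checked version returns -1 for the same shape, which the caller must treat as an error rather than an allocation size.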
Products Associated with CVE-2023-5869
Affected Versions
The builds below are the Red Hat package versions that carry the fix; earlier builds of the same packages are affected.
Red Hat Advanced Cluster Security 4.2:
- Version 4.2.4-6
- Version 4.2.4-7
Other Red Hat products:
- Version 0:9.2.24-9.el7_9
- Version 8090020231114113712.a75119d5
- Version 8090020231128173330.a75119d5
- Version 8090020231201202407.a75119d5
- Version 8090020231114113548.a75119d5
- Version 8010020231130170510.c27ad7f8
- Version 8020020231128165246.4cda2c84
- Version 8020020231201202149.4cda2c84
- Version 8040020231127153301.522a0ee4
- Version 8040020231127154806.522a0ee4
- Version 8040020231127142440.522a0ee4
- Version 8060020231114115246.ad008a3a
- Version 8060020231128165328.ad008a3a
- Version 8060020231201202249.ad008a3a
- Version 8080020231114105206.63b34585
- Version 8080020231128165335.63b34585
- Version 8080020231201202316.63b34585
- Version 8080020231113134015.63b34585
- Version 0:13.13-1.el9_3
- Version 9030020231120082734.rhel9
- Version 0:13.13-1.el9_0
- Version 0:13.13-1.el9_2
- Version 9020020231115020618.rhel9
- Version 0:12.17-1.el7
- Version 0:10.23-2.el7
- Version 0:13.13-1.el7
- Version 3.74.8-9
- Version 3.74.8-7
- Version 4.1.6-6
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows how this score compares to the scores of all other vulnerabilities.