Assigner | redhat |
Reserved | 2023-10-31 |
Published | 2023-12-10 |
Updated | 2024-05-01 |
Description
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Problem types
Function Call With Incorrect Argument Type
Product status
4.2.4-6 before *
4.2.4-6 before *
4.2.4-7 before *
4.2.4-6 before *
4.2.4-7 before *
8090020231114113712.a75119d5 before *
8090020231128173330.a75119d5 before *
8090020231114113548.a75119d5 before *
8020020231128165246.4cda2c84 before *
8020020231128165246.4cda2c84 before *
8020020231128165246.4cda2c84 before *
8040020231127153301.522a0ee4 before *
8040020231127154806.522a0ee4 before *
8040020231127153301.522a0ee4 before *
8040020231127154806.522a0ee4 before *
8040020231127153301.522a0ee4 before *
8040020231127154806.522a0ee4 before *
8060020231114115246.ad008a3a before *
8060020231128165328.ad008a3a before *
8080020231114105206.63b34585 before *
8080020231128165335.63b34585 before *
8080020231113134015.63b34585 before *
0:13.13-1.el9_3 before *
9030020231120082734.rhel9 before *
0:13.13-1.el9_0 before *
0:13.13-1.el9_2 before *
9020020231115020618.rhel9 before *
0:12.17-1.el7 before *
0:13.13-1.el7 before *
3.74.8-9 before *
3.74.8-9 before *
3.74.8-7 before *
3.74.8-9 before *
3.74.8-9 before *
4.1.6-6 before *
4.1.6-6 before *
4.1.6-6 before *
4.1.6-6 before *
4.1.6-6 before *
Timeline
2023-10-31: | Reported to Red Hat. |
2023-11-09: | Made public. |
Credits
Upstream acknowledges Jingzhou Fu as the original reporter.
References
https://access.redhat.com/errata/RHSA-2023:7545 (RHSA-2023:7545)
https://access.redhat.com/errata/RHSA-2023:7579 (RHSA-2023:7579)
https://access.redhat.com/errata/RHSA-2023:7580 (RHSA-2023:7580)
https://access.redhat.com/errata/RHSA-2023:7581 (RHSA-2023:7581)
https://access.redhat.com/errata/RHSA-2023:7616 (RHSA-2023:7616)
https://access.redhat.com/errata/RHSA-2023:7656 (RHSA-2023:7656)
https://access.redhat.com/errata/RHSA-2023:7666 (RHSA-2023:7666)
https://access.redhat.com/errata/RHSA-2023:7667 (RHSA-2023:7667)
https://access.redhat.com/errata/RHSA-2023:7694 (RHSA-2023:7694)
https://access.redhat.com/errata/RHSA-2023:7695 (RHSA-2023:7695)
https://access.redhat.com/errata/RHSA-2023:7714 (RHSA-2023:7714)
https://access.redhat.com/errata/RHSA-2023:7770 (RHSA-2023:7770)
https://access.redhat.com/errata/RHSA-2023:7772 (RHSA-2023:7772)
https://access.redhat.com/errata/RHSA-2023:7784 (RHSA-2023:7784)
https://access.redhat.com/errata/RHSA-2023:7785 (RHSA-2023:7785)
https://access.redhat.com/errata/RHSA-2023:7883 (RHSA-2023:7883)
https://access.redhat.com/errata/RHSA-2023:7884 (RHSA-2023:7884)
https://access.redhat.com/errata/RHSA-2023:7885 (RHSA-2023:7885)
https://access.redhat.com/errata/RHSA-2024:0304 (RHSA-2024:0304)
https://access.redhat.com/errata/RHSA-2024:0332 (RHSA-2024:0332)
https://access.redhat.com/errata/RHSA-2024:0337 (RHSA-2024:0337)
https://access.redhat.com/security/cve/CVE-2023-5868
https://bugzilla.redhat.com/show_bug.cgi?id=2247168 (RHBZ#2247168)
https://security.netapp.com/advisory/ntap-20240119-0003/
https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
https://www.postgresql.org/support/security/CVE-2023-5868/