Unrated severity · NVD Advisory · Published Dec 10, 2023 · Updated Mar 11, 2026
PostgreSQL: buffer overrun from integer overflow in array modification
CVE-2023-5869
Description
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.
Affected products (19)
- Red Hat/Red Hat Enterprise Linux 8 (v5, 2 versions)
  - cpe:/a:redhat:enterprise_linux:8::appstream, range: 8090020231114113548.a75119d5
  - cpe:/o:redhat:enterprise_linux:8
- Red Hat/Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions (v5)
  - cpe:/a:redhat:rhel_e4s:8.1::appstream, range: 8010020231130170510.c27ad7f8
- Red Hat/Red Hat Enterprise Linux 8.8 Extended Update Support (v5)
  - cpe:/a:redhat:rhel_eus:8.8::appstream, range: 8080020231113134015.63b34585
- Red Hat/Red Hat Enterprise Linux 9 (v5, 3 versions)
  - cpe:/a:redhat:enterprise_linux:9::crb, range: 0:13.13-1.el9_3
  - cpe:/a:redhat:enterprise_linux:9::appstream, range: 9030020231120082734.rhel9
  - cpe:/o:redhat:enterprise_linux:9
- Red Hat/Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions (v5)
  - cpe:/a:redhat:rhel_e4s:8.4::appstream, range: 8040020231127142440.522a0ee4
- Red Hat/Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions (v5)
  - cpe:/a:redhat:rhel_e4s:8.2::appstream, range: 8020020231201202149.4cda2c84
- Red Hat/Red Hat Advanced Cluster Security 4.2 (v5)
  - cpe:/a:redhat:advanced_cluster_security:4.2::el8, range: 4.2.4-7
- Red Hat/Red Hat Enterprise Linux 7 (v5)
  - cpe:/o:redhat:enterprise_linux:7::server, range: 0:9.2.24-9.el7_9
- Red Hat/Red Hat Enterprise Linux 9.0 Extended Update Support (v5)
  - cpe:/a:redhat:rhel_eus:9.0::appstream, range: 0:13.13-1.el9_0
- Red Hat/Red Hat Enterprise Linux 8.6 Extended Update Support (v5)
  - cpe:/a:redhat:rhel_eus:8.6::appstream, range: 8060020231201202249.ad008a3a
- Red Hat/Red Hat Enterprise Linux 9.2 Extended Update Support (v5, 2 versions)
  - cpe:/a:redhat:rhel_eus:9.2::crb, range: 0:13.13-1.el9_2
  - cpe:/a:redhat:rhel_eus:9.2::appstream, range: 9020020231115020618.rhel9
- Red Hat/Red Hat Software Collections for Red Hat Enterprise Linux 7 (v5)
  - cpe:/a:redhat:rhel_software_collections:3::el7, range: 0:13.13-1.el7
- Red Hat/RHACS-3.74-RHEL-8 (v5)
  - cpe:/a:redhat:advanced_cluster_security:3.74::el8, range: 3.74.8-9
- Red Hat/RHACS-4.1-RHEL-8 (v5)
  - cpe:/a:redhat:advanced_cluster_security:4.1::el8, range: 4.1.6-6
- Red Hat/Red Hat Enterprise Linux 6 (v5)
  - cpe:/o:redhat:enterprise_linux:6
Patches (0)
No patches discovered yet.
References (33)
- access.redhat.com/errata/RHSA-2023:7545 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2023:7579 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2023:7580 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2023:7581 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2023:7616 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2023:7656 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2023:7666 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2023:7667 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2023:7694 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2023:7695 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2023:7714 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2023:7770 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2023:7771 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2023:7772 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2023:7778 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2023:7783 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2023:7784 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2023:7785 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2023:7786 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2023:7788 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2023:7789 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2023:7790 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2023:7878 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2023:7883 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2023:7884 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2023:7885 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2024:0304 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2024:0332 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2024:0337 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/security/cve/CVE-2023-5869 (mitre, vdb-entry, x_refsource_REDHAT)
- bugzilla.redhat.com/show_bug.cgi (mitre, issue-tracking, x_refsource_REDHAT)
- www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/ (mitre)
- www.postgresql.org/support/security/CVE-2023-5869/ (mitre)
News mentions (1)
- ABB Ability Symphony Plus Engineering (CISA Alerts)