CVE-2023-5868: Postgresql: memory disclosure in aggregate function calls

Q: What is CVE-2023-5868?

CVE-2023-5868 is a vulnerability that allows memory disclosure in aggregate function calls.

Q: Which software is affected by CVE-2023-5868?

The software affected by CVE-2023-5868 includes PostgreSQL versions 11.16-0+deb10u1, 13.11-0+deb11u1, 15.3-0+deb12u1, 16.1-1, and Red Hat PostgreSQL versions 16.1, 15.5, 14.10, 13.13, 12.17, and 11.22. It also affects Ubuntu PostgreSQL versions 14.10-0ubuntu0.22.04.1, 14.10, 12.17-0ubuntu0.20.04.1, 12.17, 15.5, 15.5-0ubuntu0.23.04.1, and 15.5-0ubuntu0.23.10.1.

Q: What is the severity of CVE-2023-5868?

CVE-2023-5868 has a severity level of medium.

Q: How can I fix the CVE-2023-5868 vulnerability?

To fix the CVE-2023-5868 vulnerability, you should update your PostgreSQL installation to a version that includes the necessary security patches. Please refer to the official PostgreSQL website and your OS package manager for the latest updates and instructions.

Q: Where can I find more information about CVE-2023-5868?

You can find more information about CVE-2023-5868 on the official PostgreSQL website, the Debian Security Tracker, and the provided references.

Published Oct 31, 2023

Updated

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.

Other sources

Certain aggregate function calls receiving "unknown"-type arguments could disclose bytes of server memory from the end of the "unknown"-type value to the next zero byte. One typically gets an "unknown"-type value via a string literal having no type designation. We have not confirmed or ruled out viability of attacks that arrange for presence of notable, confidential information in disclosed bytes.

— Red Hat

PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a flaw when perform certain aggregate function calls. By sending a specially crafted request, an attacker could exploit this vulnerability to obtain bytes of server memory from the end of the "unknown"-type value to the next zero byte, and use this information to launch further attacks against the affected system.

— IBM

Affected Software

60 affected componentsFixes available

redhat/PostgreSQL<16.1

16.1

redhat/PostgreSQL<15.5

15.5

redhat/PostgreSQL<14.10

14.10

redhat/PostgreSQL<13.13

13.13

redhat/PostgreSQL<12.17

12.17

redhat/PostgreSQL<11.22

11.22

ubuntu/postgresql-10<10.23-0ubuntu0.18.04.2+

10.23-0ubuntu0.18.04.2+

ubuntu/postgresql-12<12.17-0ubuntu0.20.04.1

12.17-0ubuntu0.20.04.1

ubuntu/postgresql-12<12.17

12.17

ubuntu/postgresql-14<14.10-0ubuntu0.22.04.1

14.10-0ubuntu0.22.04.1

ubuntu/postgresql-14<14.10

14.10

ubuntu/postgresql-15<15.5-0ubuntu0.23.04.1

15.5-0ubuntu0.23.04.1

ubuntu/postgresql-15<15.5-0ubuntu0.23.10.1

15.5-0ubuntu0.23.10.1

ubuntu/postgresql-15<15.5

15.5

ubuntu/postgresql-16<16.1

16.1

debian/postgresql-13

13.16-0+deb11u1

debian/postgresql-15

15.8-0+deb12u1

debian/postgresql-16

16.4-1

PostgreSQL postgresql>=11.0<11.22

PostgreSQL postgresql>=12.0<12.17

PostgreSQL postgresql>=13.0<13.13

PostgreSQL postgresql>=14.0<14.10

PostgreSQL postgresql>=15.0<15.5

PostgreSQL postgresql=16.0

redhat Codeready Linux Builder Eus=9.2

redhat Codeready Linux Builder Eus For Power Little Endian Eus=9.0_ppc64le

redhat Codeready Linux Builder Eus For Power Little Endian Eus=9.2_ppc64le

redhat Codeready Linux Builder For Arm64 Eus=8.6_aarch64

redhat Codeready Linux Builder For Arm64 Eus=9.0_aarch64

redhat Codeready Linux Builder For Arm64 Eus=9.2_aarch64

redhat Codeready Linux Builder For Ibm Z Systems Eus=9.0_s390x

redhat Codeready Linux Builder For Ibm Z Systems Eus=9.2_s390x

redhat Codeready Linux Builder For Power Little Endian Eus=9.0_ppc64le

redhat Codeready Linux Builder For Power Little Endian Eus=9.2_ppc64le

redhat Software Collections=1.0

redhat Enterprise Linux=8.0

redhat Enterprise Linux=9.0

redhat Enterprise Linux Eus=8.6

redhat Enterprise Linux Eus=8.8

redhat Enterprise Linux Eus=9.0

redhat Enterprise Linux Eus=9.2

redhat Enterprise Linux For Arm 64=8.0

redhat Enterprise Linux For Arm 64=8.8_aarch64

redhat Enterprise Linux For Ibm Z Systems=8.0_s390x

redhat Enterprise Linux For Ibm Z Systems Eus=8.6_s390x

redhat Enterprise Linux For Ibm Z Systems Eus=8.8_s390x

redhat Enterprise Linux For Ibm Z Systems Eus=9.0_s390x

redhat Enterprise Linux For Ibm Z Systems Eus=9.2_s390x

redhat Enterprise Linux For Power Little Endian=8.0_ppc64le

redhat Enterprise Linux For Power Little Endian Eus=8.6_ppc64le

redhat Enterprise Linux For Power Little Endian Eus=8.8_ppc64le

redhat Enterprise Linux For Power Little Endian Eus=9.0_ppc64le

redhat Enterprise Linux For Power Little Endian Eus=9.2_ppc64le

redhat Enterprise Linux Server Aus=8.2

redhat Enterprise Linux Server Aus=8.4

redhat Enterprise Linux Server Aus=8.6

redhat Enterprise Linux Server Aus=9.2

redhat Enterprise Linux Server Tus=8.2

redhat Enterprise Linux Server Tus=8.4

redhat Enterprise Linux Server Tus=8.6

Event History

Oct 31, 2023

Data Sourced

via Red Hat·04:09 AM

DescriptionSeverityAffected Software

Nov 15, 2023

CVE Published

via Ubuntu·12:00 AM

Dec 10, 2023

CVE Published

via MITRE·05:56 PM

Data Sourced

via MITRE·05:56 PM

DescriptionSeverityWeakness

Data Sourced

via NVD·06:15 PM

DescriptionSeverityWeaknessAffected Software

Feb 1, 2024

Data Sourced

via Launchpad·12:33 AM

Description

Feb 2, 2024

Data Sourced

via IBM·12:00 AM

DescriptionSeverityAffected Software

Parent advisories

This vulnerability appears in the following advisories.

Frequently Asked Questions

What is CVE-2023-5868?

CVE-2023-5868 is a vulnerability that allows memory disclosure in aggregate function calls.

Which software is affected by CVE-2023-5868?

The software affected by CVE-2023-5868 includes PostgreSQL versions 11.16-0+deb10u1, 13.11-0+deb11u1, 15.3-0+deb12u1, 16.1-1, and Red Hat PostgreSQL versions 16.1, 15.5, 14.10, 13.13, 12.17, and 11.22. It also affects Ubuntu PostgreSQL versions 14.10-0ubuntu0.22.04.1, 14.10, 12.17-0ubuntu0.20.04.1, 12.17, 15.5, 15.5-0ubuntu0.23.04.1, and 15.5-0ubuntu0.23.10.1.

What is the severity of CVE-2023-5868?

CVE-2023-5868 has a severity level of medium.

How can I fix the CVE-2023-5868 vulnerability?

To fix the CVE-2023-5868 vulnerability, you should update your PostgreSQL installation to a version that includes the necessary security patches. Please refer to the official PostgreSQL website and your OS package manager for the latest updates and instructions.

Where can I find more information about CVE-2023-5868?

You can find more information about CVE-2023-5868 on the official PostgreSQL website, the Debian Security Tracker, and the provided references.

CVE-2023-5868: Postgresql: memory disclosure in aggregate function calls

Other sources

Affected Software

Event History

Parent advisories

Don't miss critical vulnerabilities

Frequently Asked Questions

What is CVE-2023-5868?

Which software is affected by CVE-2023-5868?

What is the severity of CVE-2023-5868?

How can I fix the CVE-2023-5868 vulnerability?

Where can I find more information about CVE-2023-5868?

Company

Resources

Contact