CVE-2023-5868 - Vulnerability Details - OpenCVE

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.02792.

Key SSVC decision points have not yet been added.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Red Hat

Red Hat Advanced Cluster Security 4.2

affected

Version	Status	Constraints
`4.2.4-6`	unaffected	< *

Red Hat

Red Hat Advanced Cluster Security 4.2

affected

Version	Status	Constraints
`4.2.4-6`	unaffected	< *

Red Hat

Red Hat Advanced Cluster Security 4.2

affected

Version	Status	Constraints
`4.2.4-7`	unaffected	< *

Red Hat

Red Hat Advanced Cluster Security 4.2

affected

Version	Status	Constraints
`4.2.4-6`	unaffected	< *

Red Hat

Red Hat Advanced Cluster Security 4.2

affected

Version	Status	Constraints
`4.2.4-7`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8

affected

Version	Status	Constraints
`8090020231114113712.a75119d5`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8

affected

Version	Status	Constraints
`8090020231128173330.a75119d5`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8

affected

Version	Status	Constraints
`8090020231114113548.a75119d5`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.2 Advanced Update Support

affected

Version	Status	Constraints
`8020020231128165246.4cda2c84`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.2 Telecommunications Update Service

affected

Version	Status	Constraints
`8020020231128165246.4cda2c84`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions

affected

Version	Status	Constraints
`8020020231128165246.4cda2c84`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

affected

Version	Status	Constraints
`8040020231127153301.522a0ee4`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

affected

Version	Status	Constraints
`8040020231127154806.522a0ee4`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.4 Telecommunications Update Service

affected

Version	Status	Constraints
`8040020231127153301.522a0ee4`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.4 Telecommunications Update Service

affected

Version	Status	Constraints
`8040020231127154806.522a0ee4`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

affected

Version	Status	Constraints
`8040020231127153301.522a0ee4`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

affected

Version	Status	Constraints
`8040020231127154806.522a0ee4`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.6 Extended Update Support

affected

Version	Status	Constraints
`8060020231114115246.ad008a3a`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.6 Extended Update Support

affected

Version	Status	Constraints
`8060020231128165328.ad008a3a`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.8 Extended Update Support

affected

Version	Status	Constraints
`8080020231114105206.63b34585`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.8 Extended Update Support

affected

Version	Status	Constraints
`8080020231128165335.63b34585`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 8.8 Extended Update Support

affected

Version	Status	Constraints
`8080020231113134015.63b34585`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9

affected

Version	Status	Constraints
`0:13.13-1.el9_3`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9

affected

Version	Status	Constraints
`9030020231120082734.rhel9`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9.0 Extended Update Support

affected

Version	Status	Constraints
`0:13.13-1.el9_0`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9.2 Extended Update Support

affected

Version	Status	Constraints
`0:13.13-1.el9_2`	unaffected	< *

Red Hat

Red Hat Enterprise Linux 9.2 Extended Update Support

affected

Version	Status	Constraints
`9020020231115020618.rhel9`	unaffected	< *

Red Hat

Red Hat Software Collections for Red Hat Enterprise Linux 7

affected

Version	Status	Constraints
`0:12.17-1.el7`	unaffected	< *

Red Hat

Red Hat Software Collections for Red Hat Enterprise Linux 7

affected

Version	Status	Constraints
`0:13.13-1.el7`	unaffected	< *

Red Hat

RHACS-3.74-RHEL-8

affected

Version	Status	Constraints
`3.74.8-9`	unaffected	< *

Red Hat

RHACS-3.74-RHEL-8

affected

Version	Status	Constraints
`3.74.8-9`	unaffected	< *

Red Hat

RHACS-3.74-RHEL-8

affected

Version	Status	Constraints
`3.74.8-7`	unaffected	< *

Red Hat

RHACS-3.74-RHEL-8

affected

Version	Status	Constraints
`3.74.8-9`	unaffected	< *

Red Hat

RHACS-3.74-RHEL-8

affected

Version	Status	Constraints
`3.74.8-9`	unaffected	< *

Red Hat

RHACS-4.1-RHEL-8

affected

Version	Status	Constraints
`4.1.6-6`	unaffected	< *

Red Hat

RHACS-4.1-RHEL-8

affected

Version	Status	Constraints
`4.1.6-6`	unaffected	< *

Red Hat

RHACS-4.1-RHEL-8

affected

Version	Status	Constraints
`4.1.6-6`	unaffected	< *

Red Hat

RHACS-4.1-RHEL-8

affected

Version	Status	Constraints
`4.1.6-6`	unaffected	< *

Red Hat

RHACS-4.1-RHEL-8

affected

Version	Status	Constraints
`4.1.6-6`	unaffected	< *

Red Hat Red Hat Enterprise Linux 6 unknown —

Red Hat Red Hat Enterprise Linux 7 affected —

Red Hat Red Hat Enterprise Linux 8 affected —

Red Hat Red Hat Enterprise Linux 8 unaffected —

Red Hat Red Hat Enterprise Linux 9 unaffected —

Red Hat Red Hat Software Collections affected —

Configuration 1 [-]

OR	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql:16.0:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.0_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.0_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.0_s390x:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.0_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:::::::*
	cpe:2.3:a:redhat:software_collections:1.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*

Package	CPE	Advisory	Released Date
Red Hat Advanced Cluster Security 4.2
advanced-cluster-security/rhacs-central-db-rhel8:4.2.4-6	cpe:/a:redhat:advanced_cluster_security:4.2::el8	RHSA-2024:0337	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-main-rhel8:4.2.4-6	cpe:/a:redhat:advanced_cluster_security:4.2::el8	RHSA-2024:0337	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-operator-bundle:4.2.4-7	cpe:/a:redhat:advanced_cluster_security:4.2::el8	RHSA-2024:0337	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-rhel8:4.2.4-6	cpe:/a:redhat:advanced_cluster_security:4.2::el8	RHSA-2024:0337	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.2.4-7	cpe:/a:redhat:advanced_cluster_security:4.2::el8	RHSA-2024:0337	2024-01-22T00:00:00Z
Red Hat Enterprise Linux 8
postgresql:13-8090020231114113712.a75119d5	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:7581	2023-11-29T00:00:00Z
postgresql:12-8090020231128173330.a75119d5	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:7714	2023-12-11T00:00:00Z
postgresql:15-8090020231114113548.a75119d5	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:7884	2023-12-20T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
postgresql:12-8020020231128165246.4cda2c84	cpe:/a:redhat:rhel_aus:8.2	RHSA-2023:7667	2023-12-06T00:00:00Z
Red Hat Enterprise Linux 8.2 Telecommunications Update Service
postgresql:12-8020020231128165246.4cda2c84	cpe:/a:redhat:rhel_tus:8.2	RHSA-2023:7667	2023-12-06T00:00:00Z
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
postgresql:12-8020020231128165246.4cda2c84	cpe:/a:redhat:rhel_e4s:8.2	RHSA-2023:7667	2023-12-06T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
postgresql:12-8040020231127153301.522a0ee4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2023:7694	2023-12-07T00:00:00Z
postgresql:13-8040020231127154806.522a0ee4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2023:7695	2023-12-07T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
postgresql:12-8040020231127153301.522a0ee4	cpe:/a:redhat:rhel_tus:8.4	RHSA-2023:7694	2023-12-07T00:00:00Z
postgresql:13-8040020231127154806.522a0ee4	cpe:/a:redhat:rhel_tus:8.4	RHSA-2023:7695	2023-12-07T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
postgresql:12-8040020231127153301.522a0ee4	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2023:7694	2023-12-07T00:00:00Z
postgresql:13-8040020231127154806.522a0ee4	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2023:7695	2023-12-07T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
postgresql:13-8060020231114115246.ad008a3a	cpe:/a:redhat:rhel_eus:8.6	RHSA-2023:7580	2023-11-29T00:00:00Z
postgresql:12-8060020231128165328.ad008a3a	cpe:/a:redhat:rhel_eus:8.6	RHSA-2023:7666	2023-12-06T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
postgresql:13-8080020231114105206.63b34585	cpe:/a:redhat:rhel_eus:8.8	RHSA-2023:7579	2023-11-29T00:00:00Z
postgresql:12-8080020231128165335.63b34585	cpe:/a:redhat:rhel_eus:8.8	RHSA-2023:7656	2023-12-05T00:00:00Z
postgresql:15-8080020231113134015.63b34585	cpe:/a:redhat:rhel_eus:8.8	RHSA-2023:7883	2023-12-20T00:00:00Z
Red Hat Enterprise Linux 9
postgresql-0:13.13-1.el9_3	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:7784	2023-12-13T00:00:00Z
postgresql:15-9030020231120082734.rhel9	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:7785	2023-12-13T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
postgresql-0:13.13-1.el9_0	cpe:/a:redhat:rhel_eus:9.0	RHSA-2023:7545	2023-11-28T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
postgresql-0:13.13-1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2023:7616	2023-11-30T00:00:00Z
postgresql:15-9020020231115020618.rhel9	cpe:/a:redhat:rhel_eus:9.2	RHSA-2023:7885	2023-12-20T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7
rh-postgresql12-postgresql-0:12.17-1.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2023:7770	2023-12-13T00:00:00Z
rh-postgresql13-postgresql-0:13.13-1.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2023:7772	2023-12-13T00:00:00Z
RHACS-3.74-RHEL-8
advanced-cluster-security/rhacs-central-db-rhel8:3.74.8-9	cpe:/a:redhat:advanced_cluster_security:3.74::el8	RHSA-2024:0304	2024-01-18T00:00:00Z
advanced-cluster-security/rhacs-main-rhel8:3.74.8-9	cpe:/a:redhat:advanced_cluster_security:3.74::el8	RHSA-2024:0304	2024-01-18T00:00:00Z
advanced-cluster-security/rhacs-operator-bundle:3.74.8-7	cpe:/a:redhat:advanced_cluster_security:3.74::el8	RHSA-2024:0304	2024-01-18T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-rhel8:3.74.8-9	cpe:/a:redhat:advanced_cluster_security:3.74::el8	RHSA-2024:0304	2024-01-18T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-slim-rhel8:3.74.8-9	cpe:/a:redhat:advanced_cluster_security:3.74::el8	RHSA-2024:0304	2024-01-18T00:00:00Z
RHACS-4.1-RHEL-8
advanced-cluster-security/rhacs-central-db-rhel8:4.1.6-6	cpe:/a:redhat:advanced_cluster_security:4.1::el8	RHSA-2024:0332	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-main-rhel8:4.1.6-6	cpe:/a:redhat:advanced_cluster_security:4.1::el8	RHSA-2024:0332	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-operator-bundle:4.1.6-6	cpe:/a:redhat:advanced_cluster_security:4.1::el8	RHSA-2024:0332	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-rhel8:4.1.6-6	cpe:/a:redhat:advanced_cluster_security:4.1::el8	RHSA-2024:0332	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.1.6-6	cpe:/a:redhat:advanced_cluster_security:4.1::el8	RHSA-2024:0332	2024-01-22T00:00:00Z

No data.

Project Subscriptions

Vendors	Products
Postgresql Subscribe	Postgresql Subscribe
Redhat Subscribe	Advanced Cluster Security Subscribe Codeready Linux Builder Eus Subscribe Codeready Linux Builder Eus For Power Little Endian Eus Subscribe Codeready Linux Builder For Arm64 Eus Subscribe Codeready Linux Builder For Ibm Z Systems Eus Subscribe Codeready Linux Builder For Power Little Endian Eus Subscribe Enterprise Linux Subscribe Enterprise Linux Eus Subscribe Enterprise Linux For Arm 64 Subscribe Enterprise Linux For Ibm Z Systems Subscribe Enterprise Linux For Ibm Z Systems Eus Subscribe Enterprise Linux For Power Little Endian Subscribe Enterprise Linux For Power Little Endian Eus Subscribe Enterprise Linux Server Aus Subscribe Enterprise Linux Server Tus Subscribe Rhel Aus Subscribe Rhel E4s Subscribe Rhel Eus Subscribe Rhel Software Collections Subscribe Rhel Tus Subscribe Software Collections Subscribe

Advisories

Source	ID	Title
Debian DLA	DLA-3651-1	postgresql-11 security update
Debian DSA	DSA-5553-1	postgresql-15 security update
Debian DSA	DSA-5554-1	postgresql-13 security update
EUVD	EUVD-2023-58142	A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.
Ubuntu USN	USN-6538-1	PostgreSQL vulnerabilities
Ubuntu USN	USN-6538-2	PostgreSQL vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2023:7545
https://access.redhat.com/errata/RHSA-2023:7579
https://access.redhat.com/errata/RHSA-2023:7580
https://access.redhat.com/errata/RHSA-2023:7581
https://access.redhat.com/errata/RHSA-2023:7616
https://access.redhat.com/errata/RHSA-2023:7656
https://access.redhat.com/errata/RHSA-2023:7666
https://access.redhat.com/errata/RHSA-2023:7667
https://access.redhat.com/errata/RHSA-2023:7694
https://access.redhat.com/errata/RHSA-2023:7695
https://access.redhat.com/errata/RHSA-2023:7714
https://access.redhat.com/errata/RHSA-2023:7770
https://access.redhat.com/errata/RHSA-2023:7772
https://access.redhat.com/errata/RHSA-2023:7784
https://access.redhat.com/errata/RHSA-2023:7785
https://access.redhat.com/errata/RHSA-2023:7883
https://access.redhat.com/errata/RHSA-2023:7884
https://access.redhat.com/errata/RHSA-2023:7885
https://access.redhat.com/errata/RHSA-2024:0304
https://access.redhat.com/errata/RHSA-2024:0332
https://access.redhat.com/errata/RHSA-2024:0337
https://access.redhat.com/security/cve/CVE-2023-5868
https://bugzilla.redhat.com/show_bug.cgi?id=2247168
https://lists.debian.org/debian-lts-announce/2023/11/msg00007.html
https://nvd.nist.gov/vuln/detail/CVE-2023-5868
https://security.netapp.com/advisory/ntap-20240119-0003/
https://www.cve.org/CVERecord?id=CVE-2023-5868
https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
https://www.postgresql.org/support/security/CVE-2023-5868/

History

Tue, 04 Nov 2025 20:30:00 +0000

Type	Values Removed	Values Added
References		https://lists.debian.org/debian-lts-announce/2023/11/msg00007.html

Sat, 25 Oct 2025 01:15:00 +0000

Type	Values Removed	Values Added
CPEs		cpe:/o:redhat:enterprise_linux:9

Sat, 04 Oct 2025 01:30:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:9~~

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://security.netapp.com/advisory/ntap-20240119-0003/

Sat, 14 Sep 2024 00:45:00 +0000

Type	Values Removed	Values Added
References	https://security.netapp.com/advisory/ntap-20240119-0003/

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-12-10T17:56:57.176Z

Updated: 2025-11-20T01:15:56.663Z

Reserved: 2023-10-31T03:56:17.314Z

Link: CVE-2023-5868

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-12-10T18:15:07.163

Modified: 2025-11-04T20:17:13.493

Link: CVE-2023-5868

Redhat

Severity : Moderate

Publid Date: 2023-11-09T00:00:00Z

Links: CVE-2023-5868 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2023-5868", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-10-31T03:56:17.314Z", "datePublished": "2023-12-10T17:56:57.176Z", "dateUpdated": "2025-11-20T01:15:56.663Z"}, "containers": {"cna": {"title": "Postgresql: memory disclosure in aggregate function calls", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-central-db-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.2.4-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.2::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-main-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.2.4-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.2::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "4.2.4-7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.2::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.2.4-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.2::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.2.4-7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.2::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:13", "defaultStatus": "affected", "versions": [{"version": "8090020231114113712.a75119d5", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8090020231128173330.a75119d5", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:15", "defaultStatus": "affected", "versions": [{"version": "8090020231114113548.a75119d5", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8020020231128165246.4cda2c84", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8020020231128165246.4cda2c84", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8020020231128165246.4cda2c84", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8040020231127153301.522a0ee4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:13", "defaultStatus": "affected", "versions": [{"version": "8040020231127154806.522a0ee4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8040020231127153301.522a0ee4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:13", "defaultStatus": "affected", "versions": [{"version": "8040020231127154806.522a0ee4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8040020231127153301.522a0ee4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:13", "defaultStatus": "affected", "versions": [{"version": "8040020231127154806.522a0ee4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream", "cpe:/a:redhat:rhel_aus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:13", "defaultStatus": "affected", "versions": [{"version": "8060020231114115246.ad008a3a", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.6::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8060020231128165328.ad008a3a", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.6::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:13", "defaultStatus": "affected", "versions": [{"version": "8080020231114105206.63b34585", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8080020231128165335.63b34585", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:15", "defaultStatus": "affected", "versions": [{"version": "8080020231113134015.63b34585", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql", "defaultStatus": "affected", "versions": [{"version": "0:13.13-1.el9_3", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:15", "defaultStatus": "affected", "versions": [{"version": "9030020231120082734.rhel9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql", "defaultStatus": "affected", "versions": [{"version": "0:13.13-1.el9_0", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.0::appstream", "cpe:/a:redhat:rhel_eus:9.0::crb"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql", "defaultStatus": "affected", "versions": [{"version": "0:13.13-1.el9_2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.2::appstream", "cpe:/a:redhat:rhel_eus:9.2::crb"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:15", "defaultStatus": "affected", "versions": [{"version": "9020020231115020618.rhel9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rh-postgresql12-postgresql", "defaultStatus": "affected", "versions": [{"version": "0:12.17-1.el7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_software_collections:3::el7"]}, {"vendor": "Red Hat", "product": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rh-postgresql13-postgresql", "defaultStatus": "affected", "versions": [{"version": "0:13.13-1.el7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_software_collections:3::el7"]}, {"vendor": "Red Hat", "product": "RHACS-3.74-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-central-db-rhel8", "defaultStatus": "affected", "versions": [{"version": "3.74.8-9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:3.74::el8"]}, {"vendor": "Red Hat", "product": "RHACS-3.74-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-main-rhel8", "defaultStatus": "affected", "versions": [{"version": "3.74.8-9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:3.74::el8"]}, {"vendor": "Red Hat", "product": "RHACS-3.74-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "3.74.8-7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:3.74::el8"]}, {"vendor": "Red Hat", "product": "RHACS-3.74-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8", "defaultStatus": "affected", "versions": [{"version": "3.74.8-9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:3.74::el8"]}, {"vendor": "Red Hat", "product": "RHACS-3.74-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", "defaultStatus": "affected", "versions": [{"version": "3.74.8-9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:3.74::el8"]}, {"vendor": "Red Hat", "product": "RHACS-4.1-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-central-db-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.1.6-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.1::el8"]}, {"vendor": "Red Hat", "product": "RHACS-4.1-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-main-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.1.6-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.1::el8"]}, {"vendor": "Red Hat", "product": "RHACS-4.1-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "4.1.6-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.1::el8"]}, {"vendor": "Red Hat", "product": "RHACS-4.1-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.1.6-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.1::el8"]}, {"vendor": "Red Hat", "product": "RHACS-4.1-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.1.6-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.1::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:10/postgresql", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:16/postgresql", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:16/postgresql", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat Software Collections", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rh-postgresql10-postgresql", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:rhel_software_collections:3"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2023:7545", "name": "RHSA-2023:7545", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7579", "name": "RHSA-2023:7579", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7580", "name": "RHSA-2023:7580", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7581", "name": "RHSA-2023:7581", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7616", "name": "RHSA-2023:7616", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7656", "name": "RHSA-2023:7656", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7666", "name": "RHSA-2023:7666", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7667", "name": "RHSA-2023:7667", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7694", "name": "RHSA-2023:7694", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7695", "name": "RHSA-2023:7695", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7714", "name": "RHSA-2023:7714", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7770", "name": "RHSA-2023:7770", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7772", "name": "RHSA-2023:7772", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7784", "name": "RHSA-2023:7784", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7785", "name": "RHSA-2023:7785", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7883", "name": "RHSA-2023:7883", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7884", "name": "RHSA-2023:7884", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7885", "name": "RHSA-2023:7885", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0304", "name": "RHSA-2024:0304", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0332", "name": "RHSA-2024:0332", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0337", "name": "RHSA-2024:0337", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-5868", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247168", "name": "RHBZ#2247168", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/"}, {"url": "https://www.postgresql.org/support/security/CVE-2023-5868/"}], "datePublic": "2023-11-09T00:00:00.000Z", "problemTypes": [{"descriptions": [{"cweId": "CWE-686", "description": "Function Call With Incorrect Argument Type", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-686: Function Call With Incorrect Argument Type", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "timeline": [{"lang": "en", "time": "2023-10-31T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-11-09T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Upstream acknowledges Jingzhou Fu as the original reporter."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2025-11-20T01:15:56.663Z"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2023:7545", "name": "RHSA-2023:7545", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7579", "name": "RHSA-2023:7579", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7580", "name": "RHSA-2023:7580", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7581", "name": "RHSA-2023:7581", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7616", "name": "RHSA-2023:7616", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7656", "name": "RHSA-2023:7656", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7666", "name": "RHSA-2023:7666", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7667", "name": "RHSA-2023:7667", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7694", "name": "RHSA-2023:7694", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7695", "name": "RHSA-2023:7695", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7714", "name": "RHSA-2023:7714", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7770", "name": "RHSA-2023:7770", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7772", "name": "RHSA-2023:7772", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7784", "name": "RHSA-2023:7784", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7785", "name": "RHSA-2023:7785", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7883", "name": "RHSA-2023:7883", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7884", "name": "RHSA-2023:7884", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7885", "name": "RHSA-2023:7885", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0304", "name": "RHSA-2024:0304", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0332", "name": "RHSA-2024:0332", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0337", "name": "RHSA-2024:0337", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-5868", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247168", "name": "RHBZ#2247168", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240119-0003/", "tags": ["x_transferred"]}, {"url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/", "tags": ["x_transferred"]}, {"url": "https://www.postgresql.org/support/security/CVE-2023-5868/", "tags": ["x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00007.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-11-04T19:25:50.319Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D407A29-CAB0-425B-87B6-F2487FAE6B71", "versionEndExcluding": "11.22", "versionStartIncluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "13B24306-F52A-47E4-A7E4-EA7E46F850EF", "versionEndExcluding": "12.17", "versionStartIncluding": "12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA77ED73-60C6-4666-9355-7C28CD774001", "versionEndExcluding": "13.13", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F2D30CB-C04F-4B6A-8E82-7DDC98B10D21", "versionEndExcluding": "14.10", "versionStartIncluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8883865-D864-497D-B39C-90D3ACC6A932", "versionEndExcluding": "15.5", "versionStartIncluding": "15.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:16.0:*:*:*:*:*:*:*", "matchCriteriaId": "654E69F1-844B-4E32-9C3D-FA8032FB3A61", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "936B046D-ADEB-4701-8957-AC28CFA9C5C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "56CE19E2-F92D-4C36-9319-E6CD4766D0D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "056DABF5-0C1D-4EBA-B02B-443BACB20D6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:*:*:*:*:*:*:*", "matchCriteriaId": "02F08DBD-4BD0-408D-B817-04B2EB82137E", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.0_aarch64:*:*:*:*:*:*:*", "matchCriteriaId": "CDE46FD5-B415-49B7-BF2D-E76D068C3920", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*", "matchCriteriaId": "09AAD850-019A-46B8-A5A1-845DE048D30A", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "A4E39B04-D3E5-4106-8A8F-0C496FF9997F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "86034E5B-BCDD-4AFD-A460-38E790F608F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "7F6967B4-C62B-4252-B5C3-50532B9EA3FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "C2ED1251-245C-4390-8964-DDCAD54A8957", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9D7EE4B6-A6EC-4B9B-91DF-79615796673F", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "62C31522-0A17-4025-B269-855C7F4B45C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "4DDA3E5A-8754-4C48-9A27-E2415F8A6000", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "3F797F2E-00E6-4D03-A94E-524227529A0A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:*", "matchCriteriaId": "F7F8A347-0ACE-40E4-BF7B-656D66DDB425", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "32AF225E-94C0-4D07-900C-DD868C05F554", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "B758EDC9-6421-422C-899E-A273D2936D8E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "22C65F53-D624-48A9-A9B7-4C78A31E19F9", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "0CC06C2A-64A5-4302-B754-A4DC0E12FE7C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "26041661-0280-4544-AA0A-BC28FCED4699", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "23D471AC-7DCA-4425-AD91-E5D928753A8C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "D9C30C59-07F7-4CCE-B057-052ECCD36DB8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "F91F9255-4EE1-43C7-8831-D2B6C228BFD9", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "62D3FD78-5B63-4A1B-B4EE-9B098844691E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "99952557-C766-4B9E-8BF5-DBBA194349FF", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "F32CA554-F9D7-425B-8F1C-89678507F28C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory."}, {"lang": "es", "value": "Se encontr\u00f3 una vulnerabilidad de divulgaci\u00f3n de memoria en PostgreSQL que permite a usuarios remotos acceder a informaci\u00f3n confidencial explotando ciertas llamadas a funciones agregadas con argumentos de tipo \"desconocido\". El manejo de valores de tipo \"desconocido\" de cadenas literales sin designaci\u00f3n de tipo puede revelar bytes, lo que potencialmente revela informaci\u00f3n importante y confidencial. Este problema existe debido a una salida excesiva de datos en llamadas a funciones agregadas, lo que permite a los usuarios remotos leer una parte de la memoria del sistema."}], "id": "CVE-2023-5868", "lastModified": "2025-11-04T20:17:13.493", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-10T18:15:07.163", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7545"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7579"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7580"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7581"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7616"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7656"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7666"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7667"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7694"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7695"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7714"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7770"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7772"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2023:7784"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2023:7785"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2023:7883"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2023:7884"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2023:7885"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0304"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0332"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0337"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-5868"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247168"}, {"source": "secalert@redhat.com", "tags": ["Release Notes"], "url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/"}, {"source": "secalert@redhat.com", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://www.postgresql.org/support/security/CVE-2023-5868/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7545"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7579"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7580"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7581"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7616"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7656"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7666"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7667"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7694"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7695"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7714"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7770"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7772"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2023:7784"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2023:7785"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2023:7883"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2023:7884"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2023:7885"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:0304"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:0332"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:0337"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-5868"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247168"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00007.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240119-0003/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Vendor Advisory"], "url": "https://www.postgresql.org/support/security/CVE-2023-5868/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-686"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Upstream acknowledges Jingzhou Fu as the original reporter.", "affected_release": [{"advisory": "RHSA-2024:0337", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.2::el8", "package": "advanced-cluster-security/rhacs-central-db-rhel8:4.2.4-6", "product_name": "Red Hat Advanced Cluster Security 4.2", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2024:0337", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.2::el8", "package": "advanced-cluster-security/rhacs-main-rhel8:4.2.4-6", "product_name": "Red Hat Advanced Cluster Security 4.2", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2024:0337", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.2::el8", "package": "advanced-cluster-security/rhacs-operator-bundle:4.2.4-7", "product_name": "Red Hat Advanced Cluster Security 4.2", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2024:0337", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.2::el8", "package": "advanced-cluster-security/rhacs-scanner-db-rhel8:4.2.4-6", "product_name": "Red Hat Advanced Cluster Security 4.2", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2024:0337", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.2::el8", "package": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.2.4-7", "product_name": "Red Hat Advanced Cluster Security 4.2", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2023:7581", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "postgresql:13-8090020231114113712.a75119d5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-11-29T00:00:00Z"}, {"advisory": "RHSA-2023:7714", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "postgresql:12-8090020231128173330.a75119d5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-12-11T00:00:00Z"}, {"advisory": "RHSA-2023:7884", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "postgresql:15-8090020231114113548.a75119d5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-12-20T00:00:00Z"}, {"advisory": "RHSA-2023:7667", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "postgresql:12-8020020231128165246.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2023-12-06T00:00:00Z"}, {"advisory": "RHSA-2023:7667", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "postgresql:12-8020020231128165246.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2023-12-06T00:00:00Z"}, {"advisory": "RHSA-2023:7667", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "postgresql:12-8020020231128165246.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2023-12-06T00:00:00Z"}, {"advisory": "RHSA-2023:7694", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "postgresql:12-8040020231127153301.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2023:7695", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "postgresql:13-8040020231127154806.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2023:7694", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "postgresql:12-8040020231127153301.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2023:7695", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "postgresql:13-8040020231127154806.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2023:7694", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "postgresql:12-8040020231127153301.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2023:7695", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "postgresql:13-8040020231127154806.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2023:7580", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "postgresql:13-8060020231114115246.ad008a3a", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-11-29T00:00:00Z"}, {"advisory": "RHSA-2023:7666", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "postgresql:12-8060020231128165328.ad008a3a", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-12-06T00:00:00Z"}, {"advisory": "RHSA-2023:7579", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "postgresql:13-8080020231114105206.63b34585", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2023-11-29T00:00:00Z"}, {"advisory": "RHSA-2023:7656", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "postgresql:12-8080020231128165335.63b34585", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2023-12-05T00:00:00Z"}, {"advisory": "RHSA-2023:7883", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "postgresql:15-8080020231113134015.63b34585", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2023-12-20T00:00:00Z"}, {"advisory": "RHSA-2023:7784", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "postgresql-0:13.13-1.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-12-13T00:00:00Z"}, {"advisory": "RHSA-2023:7785", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "postgresql:15-9030020231120082734.rhel9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-12-13T00:00:00Z"}, {"advisory": "RHSA-2023:7545", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "postgresql-0:13.13-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2023-11-28T00:00:00Z"}, {"advisory": "RHSA-2023:7616", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "postgresql-0:13.13-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2023-11-30T00:00:00Z"}, {"advisory": "RHSA-2023:7885", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "postgresql:15-9020020231115020618.rhel9", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2023-12-20T00:00:00Z"}, {"advisory": "RHSA-2023:7770", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql12-postgresql-0:12.17-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2023-12-13T00:00:00Z"}, {"advisory": "RHSA-2023:7772", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql13-postgresql-0:13.13-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2023-12-13T00:00:00Z"}, {"advisory": "RHSA-2024:0304", "cpe": "cpe:/a:redhat:advanced_cluster_security:3.74::el8", "package": "advanced-cluster-security/rhacs-central-db-rhel8:3.74.8-9", "product_name": "RHACS-3.74-RHEL-8", "release_date": "2024-01-18T00:00:00Z"}, {"advisory": "RHSA-2024:0304", "cpe": "cpe:/a:redhat:advanced_cluster_security:3.74::el8", "package": "advanced-cluster-security/rhacs-main-rhel8:3.74.8-9", "product_name": "RHACS-3.74-RHEL-8", "release_date": "2024-01-18T00:00:00Z"}, {"advisory": "RHSA-2024:0304", "cpe": "cpe:/a:redhat:advanced_cluster_security:3.74::el8", "package": "advanced-cluster-security/rhacs-operator-bundle:3.74.8-7", "product_name": "RHACS-3.74-RHEL-8", "release_date": "2024-01-18T00:00:00Z"}, {"advisory": "RHSA-2024:0304", "cpe": "cpe:/a:redhat:advanced_cluster_security:3.74::el8", "package": "advanced-cluster-security/rhacs-scanner-db-rhel8:3.74.8-9", "product_name": "RHACS-3.74-RHEL-8", "release_date": "2024-01-18T00:00:00Z"}, {"advisory": "RHSA-2024:0304", "cpe": "cpe:/a:redhat:advanced_cluster_security:3.74::el8", "package": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8:3.74.8-9", "product_name": "RHACS-3.74-RHEL-8", "release_date": "2024-01-18T00:00:00Z"}, {"advisory": "RHSA-2024:0332", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.1::el8", "package": "advanced-cluster-security/rhacs-central-db-rhel8:4.1.6-6", "product_name": "RHACS-4.1-RHEL-8", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2024:0332", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.1::el8", "package": "advanced-cluster-security/rhacs-main-rhel8:4.1.6-6", "product_name": "RHACS-4.1-RHEL-8", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2024:0332", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.1::el8", "package": "advanced-cluster-security/rhacs-operator-bundle:4.1.6-6", "product_name": "RHACS-4.1-RHEL-8", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2024:0332", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.1::el8", "package": "advanced-cluster-security/rhacs-scanner-db-rhel8:4.1.6-6", "product_name": "RHACS-4.1-RHEL-8", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2024:0332", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.1::el8", "package": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.1.6-6", "product_name": "RHACS-4.1-RHEL-8", "release_date": "2024-01-22T00:00:00Z"}], "bugzilla": {"description": "postgresql: Memory disclosure in aggregate function calls", "id": "2247168", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247168"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-686", "details": ["A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.", "A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-5868", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "postgresql:10/postgresql", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "postgresql:16/postgresql", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "postgresql:16/postgresql", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "rh-postgresql10-postgresql", "product_name": "Red Hat Software Collections"}], "public_date": "2023-11-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-5868\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5868\nhttps://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/\nhttps://www.postgresql.org/support/security/CVE-2023-5868/"], "threat_severity": "Moderate"}