CVE-2023-5868

Postgresql: memory disclosure in aggregate function calls

Severity Score

4.3

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.

Se encontró una vulnerabilidad de divulgación de memoria en PostgreSQL que permite a usuarios remotos acceder a información confidencial explotando ciertas llamadas a funciones agregadas con argumentos de tipo "desconocido". El manejo de valores de tipo "desconocido" de cadenas literales sin designación de tipo puede revelar bytes, lo que potencialmente revela información importante y confidencial. Este problema existe debido a una salida excesiva de datos en llamadas a funciones agregadas, lo que permite a los usuarios remotos leer una parte de la memoria del sistema.

This update for postgresql, postgresql15, postgresql16 fixes the following issues. This update ships postgresql 16. Fixed handling of unknown-type arguments in DISTINCT "any" aggregate functions. This error led to a text-type value being interpreted as an unknown-type value at runtime. This could result in disclosure of server memory following the text value. Detect integer overflow while computing new array dimensions. When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory. Prevent the pg_signal_backend role from signalling background workers and autovacuum processes. The documentation says that pg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, because they advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes, but extensions might add background workers that are more vulnerable. Also ensure that the is_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions. Changes in postgresql16. Upgrade to 16.1.

*Credits: Upstream acknowledges Jingzhou Fu as the original reporter.

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

None

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2023-10-31 CVE Reserved
2023-11-14 CVE Published
2024-11-15 CVE Updated
2025-06-05 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-686: Function Call With Incorrect Argument Type

CAPEC

References (26)

URL	Tag	Source
https://security.netapp.com/advisory/ntap-20240119-0003
https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749	Release Notes

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://access.redhat.com/errata/RHSA-2023:7545	2024-01-25
https://access.redhat.com/errata/RHSA-2023:7579	2024-01-25
https://access.redhat.com/errata/RHSA-2023:7580	2024-01-25
https://access.redhat.com/errata/RHSA-2023:7581	2024-01-25
https://access.redhat.com/errata/RHSA-2023:7616	2024-01-25
https://access.redhat.com/errata/RHSA-2023:7656	2024-01-25
https://access.redhat.com/errata/RHSA-2023:7666	2024-01-25
https://access.redhat.com/errata/RHSA-2023:7667	2024-01-25
https://access.redhat.com/errata/RHSA-2023:7694	2024-01-25
https://access.redhat.com/errata/RHSA-2023:7695	2024-01-25
https://access.redhat.com/errata/RHSA-2023:7714	2024-01-25
https://access.redhat.com/errata/RHSA-2023:7770	2024-01-25
https://access.redhat.com/errata/RHSA-2023:7772	2024-01-25
https://access.redhat.com/errata/RHSA-2023:7784	2024-01-25
https://access.redhat.com/errata/RHSA-2023:7785	2024-01-25
https://access.redhat.com/errata/RHSA-2023:7883	2024-01-25
https://access.redhat.com/errata/RHSA-2023:7884	2024-01-25
https://access.redhat.com/errata/RHSA-2023:7885	2024-01-25
https://access.redhat.com/errata/RHSA-2024:0304	2024-01-25
https://access.redhat.com/errata/RHSA-2024:0332	2024-01-25
https://access.redhat.com/errata/RHSA-2024:0337	2024-01-25
https://access.redhat.com/security/cve/CVE-2023-5868	2024-01-22
https://bugzilla.redhat.com/show_bug.cgi?id=2247168	2024-01-22
https://www.postgresql.org/support/security/CVE-2023-5868	2024-01-25

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				>= 11.0 < 11.22 Search vendor "Postgresql" for product "Postgresql" and version " >= 11.0 < 11.22"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				>= 12.0 < 12.17 Search vendor "Postgresql" for product "Postgresql" and version " >= 12.0 < 12.17"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				>= 13.0 < 13.13 Search vendor "Postgresql" for product "Postgresql" and version " >= 13.0 < 13.13"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				>= 14.0 < 14.10 Search vendor "Postgresql" for product "Postgresql" and version " >= 14.0 < 14.10"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				>= 15.0 < 15.5 Search vendor "Postgresql" for product "Postgresql" and version " >= 15.0 < 15.5"		-		Affected
Postgresql Search vendor "Postgresql"		Postgresql Search vendor "Postgresql" for product "Postgresql"				16.0 Search vendor "Postgresql" for product "Postgresql" and version "16.0"		-		Affected
Redhat Search vendor "Redhat"		Codeready Linux Builder Eus Search vendor "Redhat" for product "Codeready Linux Builder Eus"				9.2 Search vendor "Redhat" for product "Codeready Linux Builder Eus" and version "9.2"		-		Affected
Redhat Search vendor "Redhat"		Codeready Linux Builder Eus For Power Little Endian Eus Search vendor "Redhat" for product "Codeready Linux Builder Eus For Power Little Endian Eus"				9.0_ppc64le Search vendor "Redhat" for product "Codeready Linux Builder Eus For Power Little Endian Eus" and version "9.0_ppc64le"		-		Affected
Redhat Search vendor "Redhat"		Codeready Linux Builder Eus For Power Little Endian Eus Search vendor "Redhat" for product "Codeready Linux Builder Eus For Power Little Endian Eus"				9.2_ppc64le Search vendor "Redhat" for product "Codeready Linux Builder Eus For Power Little Endian Eus" and version "9.2_ppc64le"		-		Affected
Redhat Search vendor "Redhat"		Codeready Linux Builder For Arm64 Eus Search vendor "Redhat" for product "Codeready Linux Builder For Arm64 Eus"				8.6_aarch64 Search vendor "Redhat" for product "Codeready Linux Builder For Arm64 Eus" and version "8.6_aarch64"		-		Affected
Redhat Search vendor "Redhat"		Codeready Linux Builder For Arm64 Eus Search vendor "Redhat" for product "Codeready Linux Builder For Arm64 Eus"				9.0_aarch64 Search vendor "Redhat" for product "Codeready Linux Builder For Arm64 Eus" and version "9.0_aarch64"		-		Affected
Redhat Search vendor "Redhat"		Codeready Linux Builder For Arm64 Eus Search vendor "Redhat" for product "Codeready Linux Builder For Arm64 Eus"				9.2_aarch64 Search vendor "Redhat" for product "Codeready Linux Builder For Arm64 Eus" and version "9.2_aarch64"		-		Affected
Redhat Search vendor "Redhat"		Codeready Linux Builder For Ibm Z Systems Eus Search vendor "Redhat" for product "Codeready Linux Builder For Ibm Z Systems Eus"				9.0_s390x Search vendor "Redhat" for product "Codeready Linux Builder For Ibm Z Systems Eus" and version "9.0_s390x"		-		Affected
Redhat Search vendor "Redhat"		Codeready Linux Builder For Ibm Z Systems Eus Search vendor "Redhat" for product "Codeready Linux Builder For Ibm Z Systems Eus"				9.2_s390x Search vendor "Redhat" for product "Codeready Linux Builder For Ibm Z Systems Eus" and version "9.2_s390x"		-		Affected
Redhat Search vendor "Redhat"		Codeready Linux Builder For Power Little Endian Eus Search vendor "Redhat" for product "Codeready Linux Builder For Power Little Endian Eus"				9.0_ppc64le Search vendor "Redhat" for product "Codeready Linux Builder For Power Little Endian Eus" and version "9.0_ppc64le"		-		Affected
Redhat Search vendor "Redhat"		Codeready Linux Builder For Power Little Endian Eus Search vendor "Redhat" for product "Codeready Linux Builder For Power Little Endian Eus"				9.2_ppc64le Search vendor "Redhat" for product "Codeready Linux Builder For Power Little Endian Eus" and version "9.2_ppc64le"		-		Affected
Redhat Search vendor "Redhat"		Software Collections Search vendor "Redhat" for product "Software Collections"				1.0 Search vendor "Redhat" for product "Software Collections" and version "1.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				9.0 Search vendor "Redhat" for product "Enterprise Linux" and version "9.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus"				8.6 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "8.6"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus"				8.8 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "8.8"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus"				9.0 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "9.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus"				9.2 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "9.2"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Arm 64 Search vendor "Redhat" for product "Enterprise Linux For Arm 64"				8.0 Search vendor "Redhat" for product "Enterprise Linux For Arm 64" and version "8.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Arm 64 Search vendor "Redhat" for product "Enterprise Linux For Arm 64"				8.8_aarch64 Search vendor "Redhat" for product "Enterprise Linux For Arm 64" and version "8.8_aarch64"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Ibm Z Systems Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems"				8.0_s390x Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems" and version "8.0_s390x"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Ibm Z Systems Eus Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus"				8.6_s390x Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus" and version "8.6_s390x"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Ibm Z Systems Eus Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus"				8.8_s390x Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus" and version "8.8_s390x"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Ibm Z Systems Eus Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus"				9.0_s390x Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus" and version "9.0_s390x"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Ibm Z Systems Eus Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus"				9.2_s390x Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus" and version "9.2_s390x"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Power Little Endian Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian"				8.0_ppc64le Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian" and version "8.0_ppc64le"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Power Little Endian Eus Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus"				8.6_ppc64le Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus" and version "8.6_ppc64le"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Power Little Endian Eus Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus"				8.8_ppc64le Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus" and version "8.8_ppc64le"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Power Little Endian Eus Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus"				9.0_ppc64le Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus" and version "9.0_ppc64le"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux For Power Little Endian Eus Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus"				9.2_ppc64le Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus" and version "9.2_ppc64le"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus"				8.2 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "8.2"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus"				8.4 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "8.4"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus"				8.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "8.6"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus"				9.2 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "9.2"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus"				8.2 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "8.2"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus"				8.4 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "8.4"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus"				8.6 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "8.6"		-		Affected