CVE-2023-5868

MEDIUMMonitor

Published:Dec 10, 2023(2 years ago)

Modified:Nov 4, 2025

Remote ExploitNo InteractionLow Complexity

Vulnerability Description

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.

Attack Characteristics

Network AccessLow ComplexityLow PrivilegesNo User Interaction

🤖

AI analysis not yet available

Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.

No Fix Known

No patch has been released yet. Apply workarounds or mitigations where available.

Affected Software

Vendor	Product	Versions	Fixed In
postgresql	postgresql	11.0 - 11.22	-
postgresql	postgresql	12.0 - 12.17	-
postgresql	postgresql

Timeline

Published
CVE disclosed publicly
Dec 10, 20232 years ago
Last Modified
Most recent update
Nov 4, 20256 months ago
Indexed to CVEInsight
Added to this platform
Mar 29, 20261 month ago

References

https://access.redhat.com/errata/RHSA-2023:7545Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7579Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7580Third Party Advisory

CVSS Score

v3.1

4.3/ 10.0

MEDIUM

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

At a Glance

Affected Products

References

postgresql / postgresql

https://access.redhat.com/errata/RHSA-2023:7581Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7616Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7656Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7666Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7667Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7694Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7695Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7714Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7770Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7772Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7784

https://access.redhat.com/errata/RHSA-2023:7785

https://access.redhat.com/errata/RHSA-2023:7883

https://access.redhat.com/errata/RHSA-2023:7884

https://access.redhat.com/errata/RHSA-2023:7885

https://access.redhat.com/errata/RHSA-2024:0304

https://access.redhat.com/errata/RHSA-2024:0332

https://access.redhat.com/errata/RHSA-2024:0337

https://access.redhat.com/security/cve/CVE-2023-5868Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2247168Issue Tracking

https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-121...Release Notes

https://www.postgresql.org/support/security/CVE-2023-5868/Mitigation

https://access.redhat.com/errata/RHSA-2023:7545Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7579Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7580Third Party Advisory