CVE-2023-5869

Postgresql: buffer overrun from integer overflow in array modification

Description

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.

Remediation

Workaround:

Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.

Category

8.8

CVSS

Severity: High

CVSS 3.1 •

EPSS 1.20% Top 25%

Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory postgresql.org

Affected: Red Hat Red Hat Advanced Cluster Security 4.2

Affected: Red Hat Red Hat Advanced Cluster Security 4.2

Affected: Red Hat Red Hat Advanced Cluster Security 4.2

Affected: Red Hat Red Hat Advanced Cluster Security 4.2

Affected: Red Hat Red Hat Advanced Cluster Security 4.2

Affected: Red Hat Red Hat Enterprise Linux 7

Affected: Red Hat Red Hat Enterprise Linux 8

Affected: Red Hat Red Hat Enterprise Linux 8

Affected: Red Hat Red Hat Enterprise Linux 8

Affected: Red Hat Red Hat Enterprise Linux 8

Affected: Red Hat Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Affected: Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support

Affected: Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support

Affected: Red Hat Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Affected: Red Hat Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Affected: Red Hat Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions

Affected: Red Hat Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions

Affected: Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

Affected: Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

Affected: Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support

Affected: Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Affected: Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Affected: Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Affected: Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Affected: Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Affected: Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions

Affected: Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support

Affected: Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support

Affected: Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support

Affected: Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support

Affected: Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support

Affected: Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support

Affected: Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support

Affected: Red Hat Red Hat Enterprise Linux 9

Affected: Red Hat Red Hat Enterprise Linux 9

Affected: Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support

Affected: Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support

Affected: Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support

Affected: Red Hat Red Hat Software Collections for Red Hat Enterprise Linux 7

Affected: Red Hat Red Hat Software Collections for Red Hat Enterprise Linux 7

Affected: Red Hat Red Hat Software Collections for Red Hat Enterprise Linux 7

Affected: Red Hat RHACS-3.74-RHEL-8

Affected: Red Hat RHACS-3.74-RHEL-8

Affected: Red Hat RHACS-3.74-RHEL-8

Affected: Red Hat RHACS-3.74-RHEL-8

Affected: Red Hat RHACS-3.74-RHEL-8

Affected: Red Hat RHACS-4.1-RHEL-8

Affected: Red Hat RHACS-4.1-RHEL-8

Affected: Red Hat RHACS-4.1-RHEL-8

Affected: Red Hat RHACS-4.1-RHEL-8

Affected: Red Hat RHACS-4.1-RHEL-8

Affected: Red Hat Red Hat Enterprise Linux 6

Affected: Red Hat Red Hat Enterprise Linux 8

Affected: Red Hat Red Hat Enterprise Linux 9

References

Link	Tags
https://access.redhat.com/errata/RHSA-2023:7545	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2023:7579	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2023:7580	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2023:7581	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2023:7616	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2023:7656	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2023:7666	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2023:7667	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2023:7694	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2023:7695	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2023:7714	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2023:7770	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2023:7771	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2023:7772	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2023:7778	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2023:7783	third party advisory vendor advisory
https://access.redhat.com/errata/RHSA-2023:7784	vendor advisory
https://access.redhat.com/errata/RHSA-2023:7785	vendor advisory
https://access.redhat.com/errata/RHSA-2023:7786	vendor advisory
https://access.redhat.com/errata/RHSA-2023:7788	vendor advisory
https://access.redhat.com/errata/RHSA-2023:7789	vendor advisory
https://access.redhat.com/errata/RHSA-2023:7790	vendor advisory
https://access.redhat.com/errata/RHSA-2023:7878	vendor advisory
https://access.redhat.com/errata/RHSA-2023:7883	vendor advisory
https://access.redhat.com/errata/RHSA-2023:7884	vendor advisory
https://access.redhat.com/errata/RHSA-2023:7885	vendor advisory
https://access.redhat.com/errata/RHSA-2024:0304	vendor advisory
https://access.redhat.com/errata/RHSA-2024:0332	vendor advisory
https://access.redhat.com/errata/RHSA-2024:0337	vendor advisory
https://access.redhat.com/security/cve/CVE-2023-5869	third party advisory vdb entry
https://bugzilla.redhat.com/show_bug.cgi?id=2247169	issue tracking
https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/	release notes
https://www.postgresql.org/support/security/CVE-2023-5869/	vendor advisory
https://security.netapp.com/advisory/ntap-20240119-0003/

Frequently Asked Questions

What is the severity of CVE-2023-5869?: CVE-2023-5869 has been scored as a high severity vulnerability.
How to fix CVE-2023-5869?: As a workaround for remediating CVE-2023-5869: Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
Is CVE-2023-5869 being actively exploited in the wild?: It is possible that CVE-2023-5869 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~1% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-5869?: CVE-2023-5869 affects Red Hat Red Hat Advanced Cluster Security 4.2, Red Hat Red Hat Advanced Cluster Security 4.2, Red Hat Red Hat Advanced Cluster Security 4.2, Red Hat Red Hat Advanced Cluster Security 4.2, Red Hat Red Hat Advanced Cluster Security 4.2, Red Hat Red Hat Enterprise Linux 7, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions, Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Red Hat Enterprise Linux 8.2 Telecommunications Update Service, Red Hat Red Hat Enterprise Linux 8.2 Telecommunications Update Service, Red Hat Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions, Red Hat Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions, Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service, Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service, Red Hat Red Hat Enterprise Linux 8.4 Telecommunications Update Service, Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, Red Hat Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support, Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support, Red Hat Red Hat Enterprise Linux 8.6 Extended Update Support, Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9, Red Hat Red Hat Enterprise Linux 9.0 Extended Update Support, Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support, Red Hat Red Hat Enterprise Linux 9.2 Extended Update Support, Red Hat Red Hat Software Collections for Red Hat Enterprise Linux 7, Red Hat Red Hat Software Collections for Red Hat Enterprise Linux 7, Red Hat Red Hat Software Collections for Red Hat Enterprise Linux 7, Red Hat RHACS-3.74-RHEL-8, Red Hat RHACS-3.74-RHEL-8, Red Hat RHACS-3.74-RHEL-8, Red Hat RHACS-3.74-RHEL-8, Red Hat RHACS-3.74-RHEL-8, Red Hat RHACS-4.1-RHEL-8, Red Hat RHACS-4.1-RHEL-8, Red Hat RHACS-4.1-RHEL-8, Red Hat RHACS-4.1-RHEL-8, Red Hat RHACS-4.1-RHEL-8, Red Hat Red Hat Enterprise Linux 6, Red Hat Red Hat Enterprise Linux 8, Red Hat Red Hat Enterprise Linux 9.

This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.

© 2025 Under My Watch. All Rights Reserved.