CVE-2023-5868

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Dec 10, 2023

Updated: Jan 25, 2024

CWE ID 686

Summary

CVE-2023-5868 is a memory disclosure vulnerability affecting PostgreSQL. It enables remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. When the database handles 'unknown'-type values from string literals without proper type designation, it results in excessive data output, allowing attackers to read some portion of system memory and potentially reveal notable and confidential information.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

PostgreSQL
Red Hat Enterprise Linux
Redhat Software Collections
Redhat Enterprise Linux For Ibm Z Systems

Affected Vendors

Postgresql
Red Hat

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/tNsFI-
https://www.cve.org/CVERecord?id=CVE-2023-5868
https://nvd.nist.gov/vuln/detail/CVE-2023-5868

Back to Vulnerability Database