What is CVE-2023-5869?

CVE-2023-5869 is a vulnerability that allows for buffer overrun from integer overflow in array modification.

How severe is CVE-2023-5869?

CVE-2023-5869 has a severity level of high (7).

Which software versions are affected by CVE-2023-5869?

The affected software versions include postgresql-11, postgresql-13, postgresql-15, postgresql-16, PostgreSQL, and postgresql-14.

How can I fix CVE-2023-5869?

To fix CVE-2023-5869, update your PostgreSQL package to the recommended remedy versions provided by the source (debian, redhat, or ubuntu).

Where can I find more information about CVE-2023-5869?

You can find more information about CVE-2023-5869 at the following references: [link1], [link2], [link3].

Vulnerability/
CVE-2023-5869

high

8.8

CWE

190

EPSS

1.160%

31/10/2023

15/11/2023

10/12/2023

2/2/2024

CVE-2023-5869: Postgresql: buffer overrun from integer overflow in array modification

First published: Tue Oct 31 2023(Updated: )

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
ubuntu/postgresql-14	<14.10	14.10
ubuntu/postgresql-14	<14.10-0ubuntu0.22.04.1	14.10-0ubuntu0.22.04.1
ubuntu/postgresql-12	<12.17-0ubuntu0.20.04.1	12.17-0ubuntu0.20.04.1
ubuntu/postgresql-12	<12.17	12.17
ubuntu/postgresql-10	<10.23-0ubuntu0.18.04.2+	10.23-0ubuntu0.18.04.2+
ubuntu/postgresql-9.5	<9.5.25-0ubuntu0.16.04.1+	9.5.25-0ubuntu0.16.04.1+
ubuntu/postgresql-15	<15.5	15.5
ubuntu/postgresql-15	<15.5-0ubuntu0.23.04.1	15.5-0ubuntu0.23.04.1
ubuntu/postgresql-15	<15.5-0ubuntu0.23.10.1	15.5-0ubuntu0.23.10.1
ubuntu/postgresql-16	<16.1	16.1
redhat/PostgreSQL	<16.1	16.1
redhat/PostgreSQL	<15.5	15.5
redhat/PostgreSQL	<14.10	14.10
redhat/PostgreSQL	<13.13	13.13
redhat/PostgreSQL	<12.17	12.17
redhat/PostgreSQL	<11.22	11.22
Postgresql Postgresql	>=11.0<11.22
Postgresql Postgresql	>=12.0<12.17
Postgresql Postgresql	>=13.0<13.13
Postgresql Postgresql	>=14.0<14.10
Postgresql Postgresql	>=15.0<15.5
Postgresql Postgresql	=16.0
Redhat Codeready Linux Builder Eus	=9.2
Redhat Codeready Linux Builder Eus For Power Little Endian Eus	=9.0_ppc64le
Redhat Codeready Linux Builder Eus For Power Little Endian Eus	=9.2_ppc64le
Redhat Codeready Linux Builder For Arm64 Eus	=8.6_aarch64
Redhat Codeready Linux Builder For Arm64 Eus	=9.0_aarch64
Redhat Codeready Linux Builder For Arm64 Eus	=9.2_aarch64
Redhat Codeready Linux Builder For Ibm Z Systems Eus	=9.0_s390x
Redhat Codeready Linux Builder For Ibm Z Systems Eus	=9.2_s390x
Redhat Codeready Linux Builder For Power Little Endian Eus	=9.0_ppc64le
Redhat Codeready Linux Builder For Power Little Endian Eus	=9.2_ppc64le
Redhat Software Collections	=1.0
Redhat Enterprise Linux	=8.0
Redhat Enterprise Linux	=9.0
Redhat Enterprise Linux Desktop	=7.0
Redhat Enterprise Linux Eus	=8.6
Redhat Enterprise Linux Eus	=8.8
Redhat Enterprise Linux Eus	=9.0
Redhat Enterprise Linux Eus	=9.2
Redhat Enterprise Linux For Arm 64	=8.0
Redhat Enterprise Linux For Arm 64	=8.8_aarch64
Redhat Enterprise Linux For Ibm Z Systems	=7.0_s390x
Redhat Enterprise Linux For Ibm Z Systems	=8.0_s390x
Redhat Enterprise Linux For Ibm Z Systems Eus	=8.6_s390x
Redhat Enterprise Linux For Ibm Z Systems Eus	=8.8_s390x
Redhat Enterprise Linux For Ibm Z Systems Eus	=9.0_s390x
Redhat Enterprise Linux For Ibm Z Systems Eus	=9.2_s390x
Redhat Enterprise Linux For Power Big Endian	=7.0_ppc64
Redhat Enterprise Linux For Power Little Endian	=7.0_ppc64le
Redhat Enterprise Linux For Power Little Endian	=8.0_ppc64le
Redhat Enterprise Linux For Power Little Endian Eus	=8.6_ppc64le
Redhat Enterprise Linux For Power Little Endian Eus	=8.8_ppc64le
Redhat Enterprise Linux For Power Little Endian Eus	=9.0_ppc64le
Redhat Enterprise Linux For Power Little Endian Eus	=9.2_ppc64le
Redhat Enterprise Linux For Scientific Computing	=7.0
Redhat Enterprise Linux Server	=7.0
Redhat Enterprise Linux Server Aus	=8.2
Redhat Enterprise Linux Server Aus	=8.4
Redhat Enterprise Linux Server Aus	=8.6
Redhat Enterprise Linux Server Aus	=9.2
Redhat Enterprise Linux Server Tus	=8.2
Redhat Enterprise Linux Server Tus	=8.4
Redhat Enterprise Linux Server Tus	=8.6
Redhat Enterprise Linux Workstation	=7.0
debian/postgresql-11	<=11.16-0+deb10u1	11.22-0+deb10u1
debian/postgresql-13	<=13.11-0+deb11u1	13.13-0+deb11u1
debian/postgresql-15		15.5-0+deb12u1
debian/postgresql-16		16.1-1 16.2-1

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is CVE-2023-5869?
CVE-2023-5869 is a vulnerability that allows for buffer overrun from integer overflow in array modification.
How severe is CVE-2023-5869?
CVE-2023-5869 has a severity level of high (7).
Which software versions are affected by CVE-2023-5869?
The affected software versions include postgresql-11, postgresql-13, postgresql-15, postgresql-16, PostgreSQL, and postgresql-14.
How can I fix CVE-2023-5869?
To fix CVE-2023-5869, update your PostgreSQL package to the recommended remedy versions provided by the source (debian, redhat, or ubuntu).
Where can I find more information about CVE-2023-5869?
You can find more information about CVE-2023-5869 at the following references: [link1], [link2], [link3].

agent/first-publish-date
agent/type
agent/author
agent/severity
agent/title
collector/epss-latest
source/FIRST
agent/epss
collector/security-tracker-debian
source/Debian
agent/software-canonical-lookup
collector/usn-cve
source/Ubuntu
agent/weakness
agent/softwarecombine
agent/description
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2023-5869
agent/references
agent/tags
collector/nvd-api
source/NVD
collector/mitre-cve
source/MITRE
agent/last-modified-date
collector/nvd-cve
collector/launchpad-cve
source/Launchpad
agent/event
collector/ibm-support
source/IBM
package-manager/debian
package-manager/ubuntu
package-manager/redhat
vendor/postgresql
canonical/postgresql postgresql
version/postgresql postgresql/11.0
version/postgresql postgresql/12.0
version/postgresql postgresql/13.0
version/postgresql postgresql/14.0
version/postgresql postgresql/15.0
version/postgresql postgresql/16.0
vendor/redhat
canonical/redhat codeready linux builder eus
version/redhat codeready linux builder eus/9.2
canonical/redhat codeready linux builder eus for power little endian eus
version/redhat codeready linux builder eus for power little endian eus/9.0_ppc64le
version/redhat codeready linux builder eus for power little endian eus/9.2_ppc64le
canonical/redhat codeready linux builder for arm64 eus
version/redhat codeready linux builder for arm64 eus/8.6_aarch64
version/redhat codeready linux builder for arm64 eus/9.0_aarch64
version/redhat codeready linux builder for arm64 eus/9.2_aarch64
canonical/redhat codeready linux builder for ibm z systems eus
version/redhat codeready linux builder for ibm z systems eus/9.0_s390x
version/redhat codeready linux builder for ibm z systems eus/9.2_s390x
canonical/redhat codeready linux builder for power little endian eus
version/redhat codeready linux builder for power little endian eus/9.0_ppc64le
version/redhat codeready linux builder for power little endian eus/9.2_ppc64le
canonical/redhat software collections
version/redhat software collections/1.0
canonical/redhat enterprise linux
version/redhat enterprise linux/8.0
version/redhat enterprise linux/9.0
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/7.0
canonical/redhat enterprise linux eus
version/redhat enterprise linux eus/8.6
version/redhat enterprise linux eus/8.8
version/redhat enterprise linux eus/9.0
version/redhat enterprise linux eus/9.2
canonical/redhat enterprise linux for arm 64
version/redhat enterprise linux for arm 64/8.0
version/redhat enterprise linux for arm 64/8.8_aarch64
canonical/redhat enterprise linux for ibm z systems
version/redhat enterprise linux for ibm z systems/7.0_s390x
version/redhat enterprise linux for ibm z systems/8.0_s390x
canonical/redhat enterprise linux for ibm z systems eus
version/redhat enterprise linux for ibm z systems eus/8.6_s390x
version/redhat enterprise linux for ibm z systems eus/8.8_s390x
version/redhat enterprise linux for ibm z systems eus/9.0_s390x
version/redhat enterprise linux for ibm z systems eus/9.2_s390x
canonical/redhat enterprise linux for power big endian
version/redhat enterprise linux for power big endian/7.0_ppc64
canonical/redhat enterprise linux for power little endian
version/redhat enterprise linux for power little endian/7.0_ppc64le
version/redhat enterprise linux for power little endian/8.0_ppc64le
canonical/redhat enterprise linux for power little endian eus
version/redhat enterprise linux for power little endian eus/8.6_ppc64le
version/redhat enterprise linux for power little endian eus/8.8_ppc64le
version/redhat enterprise linux for power little endian eus/9.0_ppc64le
version/redhat enterprise linux for power little endian eus/9.2_ppc64le
canonical/redhat enterprise linux for scientific computing
version/redhat enterprise linux for scientific computing/7.0
canonical/redhat enterprise linux server
version/redhat enterprise linux server/7.0
canonical/redhat enterprise linux server aus
version/redhat enterprise linux server aus/8.2
version/redhat enterprise linux server aus/8.4
version/redhat enterprise linux server aus/8.6
version/redhat enterprise linux server aus/9.2
canonical/redhat enterprise linux server tus
version/redhat enterprise linux server tus/8.2
version/redhat enterprise linux server tus/8.4
version/redhat enterprise linux server tus/8.6
canonical/redhat enterprise linux workstation
version/redhat enterprise linux workstation/7.0