CVE-2023-5868
Postgresql: memory disclosure in aggregate function calls
CVSS Score
4.3
EPSS Score
0.0%
EPSS Percentile
0th
A memory disclosure vulnerability was found in PostgreSQL that allows remote, authenticated users to read sensitive information by issuing certain aggregate function calls with 'unknown'-type arguments. When a string literal is passed without a type designation, the server handles it as an 'unknown'-type value, and that handling can disclose bytes of server memory, potentially revealing confidential information. The flaw stems from excessive data output in aggregate function calls, which lets remote users read some portion of system memory.
| Field | Value |
| --- | --- |
| CWE | CWE-686 |
| Vendor | Red Hat |
| Product | Red Hat Advanced Cluster Security 4.2 |
| Published | Dec 10, 2023 |
| Last Updated | Mar 12, 2026 |
CVSS v3 Breakdown
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

| Metric | Value |
| --- | --- |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality | Low |
| Integrity | None |
| Availability | None |
Affected Versions
| Vendor / Product | Status |
| --- | --- |
| Red Hat / Red Hat Advanced Cluster Security 4.2 | All versions affected |
| Red Hat / Red Hat Enterprise Linux 8 | All versions affected |
| Red Hat / Red Hat Enterprise Linux 8.2 Advanced Update Support | All versions affected |
| Red Hat / Red Hat Enterprise Linux 8.2 Telecommunications Update Service | All versions affected |
| Red Hat / Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | All versions affected |
| Red Hat / Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | All versions affected |
| Red Hat / Red Hat Enterprise Linux 8.4 Telecommunications Update Service | All versions affected |
| Red Hat / Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | All versions affected |
| Red Hat / Red Hat Enterprise Linux 8.6 Extended Update Support | All versions affected |
| Red Hat / Red Hat Enterprise Linux 8.8 Extended Update Support | All versions affected |
| Red Hat / Red Hat Enterprise Linux 9 | All versions affected |
| Red Hat / Red Hat Enterprise Linux 9.0 Extended Update Support | All versions affected |
| Red Hat / Red Hat Enterprise Linux 9.2 Extended Update Support | All versions affected |
| Red Hat / Red Hat Software Collections for Red Hat Enterprise Linux 7 | All versions affected |
| Red Hat / RHACS-3.74-RHEL-8 | All versions affected |
| Red Hat / RHACS-4.1-RHEL-8 | All versions affected |
| Red Hat / Red Hat Enterprise Linux 6 | All versions affected |
| Red Hat / Red Hat Enterprise Linux 7 | All versions affected |
| Red Hat / Red Hat Software Collections | All versions affected |

References
- access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7545
- access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7579
- access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7580
- access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7581
- access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7616
- access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7656
- access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7666
- access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7667
- access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7694
- access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7695
- access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7714
- access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7770
- access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7772
- access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7784
- access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7785
- access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7883
- access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7884
- access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7885
- access.redhat.com: https://access.redhat.com/errata/RHSA-2024:0304
- access.redhat.com: https://access.redhat.com/errata/RHSA-2024:0332
- access.redhat.com: https://access.redhat.com/errata/RHSA-2024:0337
- access.redhat.com: https://access.redhat.com/security/cve/CVE-2023-5868
- bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2247168
- postgresql.org: https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
- postgresql.org: https://www.postgresql.org/support/security/CVE-2023-5868/
- security.netapp.com: https://security.netapp.com/advisory/ntap-20240119-0003/
- lists.debian.org: https://lists.debian.org/debian-lts-announce/2023/11/msg00007.html
Credits
Upstream acknowledges Jingzhou Fu as the original reporter.