๐Ÿ” CVE Alert

CVE-2023-5869

HIGH 8.8

PostgreSQL: buffer overrun from integer overflow in array modification

CVSS Score: 8.8
EPSS Score: 0.0%
EPSS Percentile: 0th

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.

CWE: CWE-190
Vendor: Red Hat
Product: Red Hat Advanced Cluster Security 4.2
Published: Dec 10, 2023
Last Updated: Mar 11, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Affected Versions

Red Hat / Red Hat Advanced Cluster Security 4.2
All versions affected
Red Hat / Red Hat Enterprise Linux 7
All versions affected
Red Hat / Red Hat Enterprise Linux 8
All versions affected
Red Hat / Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions
All versions affected
Red Hat / Red Hat Enterprise Linux 8.2 Advanced Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 8.2 Telecommunications Update Service
All versions affected
Red Hat / Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
All versions affected
Red Hat / Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 8.4 Telecommunications Update Service
All versions affected
Red Hat / Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
All versions affected
Red Hat / Red Hat Enterprise Linux 8.6 Extended Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 8.8 Extended Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 9
All versions affected
Red Hat / Red Hat Enterprise Linux 9.0 Extended Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 9.2 Extended Update Support
All versions affected
Red Hat / Red Hat Software Collections for Red Hat Enterprise Linux 7
All versions affected
Red Hat / RHACS-3.74-RHEL-8
All versions affected
Red Hat / RHACS-4.1-RHEL-8
All versions affected
Red Hat / Red Hat Enterprise Linux 6
All versions affected

References

access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7545
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7579
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7580
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7581
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7616
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7656
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7666
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7667
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7694
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7695
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7714
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7770
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7771
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7772
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7778
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7783
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7784
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7785
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7786
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7788
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7789
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7790
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7878
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7883
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7884
access.redhat.com: https://access.redhat.com/errata/RHSA-2023:7885
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:0304
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:0332
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:0337
access.redhat.com: https://access.redhat.com/security/cve/CVE-2023-5869
bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2247169
postgresql.org: https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
postgresql.org: https://www.postgresql.org/support/security/CVE-2023-5869/
security.netapp.com: https://security.netapp.com/advisory/ntap-20240119-0003/
lists.debian.org: https://lists.debian.org/debian-lts-announce/2023/11/msg00007.html

Credits

Upstream acknowledges Pedro Gallegos as the original reporter.