[Forgot Password]
Login  Register Subscribe

30481

 
 

423868

 
 

256288

 
 

909

 
 

199146

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2023-5868Date: (C)2023-11-29   (M)2024-06-25


A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 4.3CVSS Score :
Exploit Score: 2.8Exploit Score:
Impact Score: 1.4Impact Score:
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector:
Attack Complexity: LOWAccess Complexity:
Privileges Required: LOWAuthentication:
User Interaction: NONEConfidentiality:
Scope: UNCHANGEDIntegrity:
Confidentiality: LOWAvailability:
Integrity: NONE 
Availability: NONE 
  
Reference:
RHBZ#2247168
RHSA-2023:7545
RHSA-2023:7579
RHSA-2023:7580
RHSA-2023:7581
RHSA-2023:7616
RHSA-2023:7656
RHSA-2023:7666
RHSA-2023:7667
RHSA-2023:7694
RHSA-2023:7695
RHSA-2023:7714
RHSA-2023:7770
RHSA-2023:7772
RHSA-2023:7784
RHSA-2023:7785
RHSA-2023:7883
RHSA-2023:7884
RHSA-2023:7885
RHSA-2024:0304
RHSA-2024:0332
RHSA-2024:0337
https://access.redhat.com/security/cve/CVE-2023-5868
https://security.netapp.com/advisory/ntap-20240119-0003/
https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
https://www.postgresql.org/support/security/CVE-2023-5868/

OVAL    37
oval:org.secpod.oval:def:508150
oval:org.secpod.oval:def:708646
oval:org.secpod.oval:def:89051362
oval:org.secpod.oval:def:89051125
...

© SecPod Technologies