CVE-2023-5868

4.3 MEDIUM

Published: December 10, 2023 Modified: November 04, 2025

Description

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7545

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7579

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7580

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7581

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7616

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7656

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7666

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7667

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7694

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7695

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7714

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7770

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7772

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7784

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2023:7785

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2023:7883

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2023:7884

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2023:7885

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0304

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0332

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0337

Source: secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2023-5868

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2247168

Source: secalert@redhat.com

Issue Tracking

https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/

Source: secalert@redhat.com

Release Notes

https://www.postgresql.org/support/security/CVE-2023-5868/

Source: secalert@redhat.com

Mitigation Vendor Advisory

https://access.redhat.com/errata/RHSA-2023:7545