CVE-2023-5869

8.8 HIGH

Published: December 10, 2023 Modified: November 04, 2025

Description

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7545

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7579

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7580

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7581

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7616

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7656

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7666

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7667

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7694

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7695

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7714

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7770

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7771

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7772

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7778

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7783

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2023:7784

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2023:7785

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2023:7786

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2023:7788

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2023:7789

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2023:7790

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2023:7878

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2023:7883

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2023:7884

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2023:7885

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0304

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0332

Source: secalert@redhat.com

https://access.redhat.com/errata/RHSA-2024:0337

Source: secalert@redhat.com

https://access.redhat.com/security/cve/CVE-2023-5869

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=2247169

Source: secalert@redhat.com

Issue Tracking

https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/

Source: secalert@redhat.com

Release Notes

https://www.postgresql.org/support/security/CVE-2023-5869/

Source: secalert@redhat.com

Vendor Advisory

https://access.redhat.com/errata/RHSA-2023:7545