What is CVE-2023-5869?

CVE-2023-5869 is a high-severity vulnerability in Postgresql, classified under Integer Overflow or Wraparound. CVSS score: 8.8/10. Published 2023-12-10.

How severe is CVE-2023-5869?

High severity. CVSS v3 base score is 8.8 out of 10.

Is CVE-2023-5869 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Integer overflow in Postgresql

CVE-2023-5869

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification w…

Vulnerability class: Integer Overflow

EPSS: 0.043 (89.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Postgresql — versions 16.0
Red Hat Advanced Cluster Security 4.2 — versions 4.2.4-6, 4.2.4-7
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7 — versions 0:9.2.24-9.el7_9
Red Hat Enterprise Linux 8 — versions 8090020231114113712.a75119d5, 8090020231128173330.a75119d5, 8090020231201202407.a75119d5
Red Hat Enterprise Linux 8.1 Update Services For Sap Solutions — versions 8010020231130170510.c27ad7f8
Red Hat Enterprise Linux 8.2 Advanced Update Support — versions 8020020231128165246.4cda2c84, 8020020231201202149.4cda2c84
Red Hat Enterprise Linux 8.2 Telecommunications Update Service — versions 8020020231128165246.4cda2c84, 8020020231201202149.4cda2c84
Red Hat Enterprise Linux 8.2 Update Services For Sap Solutions — versions 8020020231128165246.4cda2c84, 8020020231201202149.4cda2c84
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support — versions 8040020231127153301.522a0ee4, 8040020231127154806.522a0ee4, 8040020231127142440.522a0ee4

Weakness classification (CWE)

CWE-190 — Integer Overflow or Wraparound

Public proof-of-concept exploits

References

secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
secalert@redhat.com (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)

Frequently asked questions

What is CVE-2023-5869?: CVE-2023-5869 is a high-severity vulnerability in Postgresql, classified under Integer Overflow or Wraparound. CVSS score: 8.8/10. Published 2023-12-10.
How severe is CVE-2023-5869?: High severity. CVSS v3 base score is 8.8 out of 10.
Is CVE-2023-5869 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.