CVE-2023-5869

HIGH8.8EPSS 1.6%

Postgresql: buffer overrun from integer overflow in array modification

發布日:2023/12/10修改日:2025/11/19

也稱為:ALPINE-CVE-2023-5869

描述

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.

受影響套件(6)

Alpine/postgresql14from 0, < 14.10-r0
Alpine/postgresql15from 0, < 15.5-r0
Alpine/postgresql16from 0, < 16.1-r0
Bitnami/postgresql>= 11.0.0, < 11.22.0, >= 12.0.0, < 12.17.0, >= 13.0.0, < 13.13.0, >= 14.0.0, < 14.10.0, >= 15.0.0, < 15.5.0, >= 16.0.0, < 16.0.1
Debian/postgresql-13from 0, < 13.13-0+deb11u1
Debian/postgresql-15from 0, < 15.5-0+deb12u1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH8.8	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

描述

受影響套件(6)

CVSS 分數

參考連結(38)