Bug 2247168 (CVE-2023-5868) - CVE-2023-5868 postgresql: Memory disclosure in aggregate function calls
Summary: CVE-2023-5868 postgresql: Memory disclosure in aggregate function calls
Keywords:
Status: NEW
Alias: CVE-2023-5868
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2249041 2249042 2249043 2249044 2249045 2249046 2248842 2248844 2249777
Blocks: 2247166
TreeView+ depends on / blocked
 
Reported: 2023-10-31 04:09 UTC by Avinash Hanwate
Modified: 2024-04-03 08:24 UTC (History)
18 users (show)

Fixed In Version: PostgreSQL 16.1, PostgreSQL 15.5, PostgreSQL 14.10, PostgreSQL 13.13, PostgreSQL 12.17, PostgreSQL 11.22
Doc Type: If docs needed, set a value
Doc Text:
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2023:7618 0 None None None 2023-11-30 16:04:10 UTC
Red Hat Product Errata RHBA-2023:7774 0 None None None 2023-12-13 09:52:06 UTC
Red Hat Product Errata RHBA-2023:7779 0 None None None 2023-12-13 14:34:43 UTC
Red Hat Product Errata RHBA-2024:0031 0 None None None 2024-01-02 13:43:42 UTC
Red Hat Product Errata RHBA-2024:0063 0 None None None 2024-01-04 07:36:04 UTC
Red Hat Product Errata RHBA-2024:0099 0 None None None 2024-01-09 16:22:52 UTC
Red Hat Product Errata RHBA-2024:0109 0 None None None 2024-01-10 08:29:46 UTC
Red Hat Product Errata RHSA-2023:7545 0 None None None 2023-11-28 15:08:39 UTC
Red Hat Product Errata RHSA-2023:7579 0 None None None 2023-11-29 14:07:21 UTC
Red Hat Product Errata RHSA-2023:7580 0 None None None 2023-11-29 14:10:20 UTC
Red Hat Product Errata RHSA-2023:7581 0 None None None 2023-11-29 14:11:37 UTC
Red Hat Product Errata RHSA-2023:7616 0 None None None 2023-11-30 14:57:05 UTC
Red Hat Product Errata RHSA-2023:7656 0 None None None 2023-12-05 16:03:43 UTC
Red Hat Product Errata RHSA-2023:7666 0 None None None 2023-12-06 09:48:13 UTC
Red Hat Product Errata RHSA-2023:7667 0 None None None 2023-12-06 09:47:21 UTC
Red Hat Product Errata RHSA-2023:7694 0 None None None 2023-12-07 08:20:33 UTC
Red Hat Product Errata RHSA-2023:7695 0 None None None 2023-12-07 08:20:53 UTC
Red Hat Product Errata RHSA-2023:7714 0 None None None 2023-12-11 09:49:28 UTC
Red Hat Product Errata RHSA-2023:7770 0 None None None 2023-12-13 08:02:17 UTC
Red Hat Product Errata RHSA-2023:7772 0 None None None 2023-12-13 08:02:51 UTC
Red Hat Product Errata RHSA-2023:7784 0 None None None 2023-12-13 15:31:13 UTC
Red Hat Product Errata RHSA-2023:7785 0 None None None 2023-12-13 15:31:32 UTC
Red Hat Product Errata RHSA-2023:7883 0 None None None 2023-12-20 10:50:23 UTC
Red Hat Product Errata RHSA-2023:7884 0 None None None 2023-12-20 10:50:39 UTC
Red Hat Product Errata RHSA-2023:7885 0 None None None 2023-12-20 10:50:08 UTC
Red Hat Product Errata RHSA-2024:0304 0 None None None 2024-01-18 20:42:04 UTC
Red Hat Product Errata RHSA-2024:0332 0 None None None 2024-01-22 18:54:22 UTC
Red Hat Product Errata RHSA-2024:0337 0 None None None 2024-01-22 20:55:26 UTC

Description Avinash Hanwate 2023-10-31 04:09:29 UTC 
Certain aggregate function calls receiving "unknown"-type arguments could disclose bytes of server memory from the end of the "unknown"-type value to
the next zero byte.  One typically gets an "unknown"-type value via a string literal having no type designation.  We have not confirmed or ruled out
viability of attacks that arrange for presence of notable, confidential information in disclosed bytes.
Comment 13 TEJ RATHI 2023-11-10 10:21:12 UTC 
This CVE is public now (lifting embargo...)
https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
Comment 14 TEJ RATHI 2023-11-10 11:23:48 UTC 
Created mingw-postgresql tracking bugs for this issue:

Affects: fedora-all [bug 2249042]


Created postgresql tracking bugs for this issue:

Affects: fedora-all [bug 2249041]


Created postgresql:12/postgresql tracking bugs for this issue:

Affects: fedora-all [bug 2249043]


Created postgresql:13/postgresql tracking bugs for this issue:

Affects: fedora-all [bug 2249044]


Created postgresql:14/postgresql tracking bugs for this issue:

Affects: fedora-all [bug 2249045]


Created postgresql:15/postgresql tracking bugs for this issue:

Affects: fedora-all [bug 2249046]
Comment 17 errata-xmlrpc 2023-11-28 15:08:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:7545 https://access.redhat.com/errata/RHSA-2023:7545
Comment 18 errata-xmlrpc 2023-11-29 14:07:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2023:7579 https://access.redhat.com/errata/RHSA-2023:7579
Comment 19 errata-xmlrpc 2023-11-29 14:10:19 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:7580 https://access.redhat.com/errata/RHSA-2023:7580
Comment 20 errata-xmlrpc 2023-11-29 14:11:35 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:7581 https://access.redhat.com/errata/RHSA-2023:7581
Comment 21 errata-xmlrpc 2023-11-30 14:57:04 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2023:7616 https://access.redhat.com/errata/RHSA-2023:7616
Comment 23 errata-xmlrpc 2023-12-05 16:03:41 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2023:7656 https://access.redhat.com/errata/RHSA-2023:7656
Comment 24 errata-xmlrpc 2023-12-06 09:47:20 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:7667 https://access.redhat.com/errata/RHSA-2023:7667
Comment 25 errata-xmlrpc 2023-12-06 09:48:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:7666 https://access.redhat.com/errata/RHSA-2023:7666
Comment 26 errata-xmlrpc 2023-12-07 08:20:32 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:7694 https://access.redhat.com/errata/RHSA-2023:7694
Comment 27 errata-xmlrpc 2023-12-07 08:20:52 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:7695 https://access.redhat.com/errata/RHSA-2023:7695
Comment 28 errata-xmlrpc 2023-12-11 09:49:26 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:7714 https://access.redhat.com/errata/RHSA-2023:7714
Comment 29 errata-xmlrpc 2023-12-13 08:02:15 UTC 
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7

Via RHSA-2023:7770 https://access.redhat.com/errata/RHSA-2023:7770
Comment 30 errata-xmlrpc 2023-12-13 08:02:50 UTC 
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7

Via RHSA-2023:7772 https://access.redhat.com/errata/RHSA-2023:7772
Comment 31 errata-xmlrpc 2023-12-13 15:31:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:7784 https://access.redhat.com/errata/RHSA-2023:7784
Comment 32 errata-xmlrpc 2023-12-13 15:31:31 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:7785 https://access.redhat.com/errata/RHSA-2023:7785
Comment 33 errata-xmlrpc 2023-12-20 10:50:07 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2023:7885 https://access.redhat.com/errata/RHSA-2023:7885
Comment 34 errata-xmlrpc 2023-12-20 10:50:21 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2023:7883 https://access.redhat.com/errata/RHSA-2023:7883
Comment 35 errata-xmlrpc 2023-12-20 10:50:37 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:7884 https://access.redhat.com/errata/RHSA-2023:7884
Comment 37 errata-xmlrpc 2024-01-18 20:42:03 UTC 
This issue has been addressed in the following products:

  RHACS-3.74-RHEL-8

Via RHSA-2024:0304 https://access.redhat.com/errata/RHSA-2024:0304
Comment 38 errata-xmlrpc 2024-01-22 18:54:21 UTC 
This issue has been addressed in the following products:

  RHACS-4.1-RHEL-8

Via RHSA-2024:0332 https://access.redhat.com/errata/RHSA-2024:0332
Comment 39 errata-xmlrpc 2024-01-22 20:55:25 UTC 
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Security 4.2

Via RHSA-2024:0337 https://access.redhat.com/errata/RHSA-2024:0337
Note You need to log in before you can comment on or make changes to this bug.