Bug 2247169 (CVE-2023-5869) - CVE-2023-5869 postgresql: Buffer overrun from integer overflow in array modification
Summary: CVE-2023-5869 postgresql: Buffer overrun from integer overflow in array modif...
Keywords:
Status: NEW
Alias: CVE-2023-5869
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2249041 2249042 2249043 2249044 2249045 2249046 2248842 2248843 2248844
Blocks: 2247166
TreeView+ depends on / blocked
 
Reported: 2023-10-31 04:11 UTC by Avinash Hanwate
Modified: 2024-01-22 20:55 UTC (History)
18 users (show)

Fixed In Version: PostgreSQL 16.1, PostgreSQL 15.5, PostgreSQL 14.10, PostgreSQL 13.13, PostgreSQL 12.17, PostgreSQL 11.22
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.
Clone Of:
Environment:
Last Closed:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2023:7220 0 None None None 2023-12-20 09:33:36 UTC
Red Hat Product Errata RHBA-2023:7618 0 None None None 2023-11-30 16:04:11 UTC
Red Hat Product Errata RHBA-2023:7774 0 None None None 2023-12-13 09:52:07 UTC
Red Hat Product Errata RHBA-2023:7777 0 None None None 2023-12-13 14:13:39 UTC
Red Hat Product Errata RHBA-2023:7779 0 None None None 2023-12-13 14:34:45 UTC
Red Hat Product Errata RHBA-2023:7818 0 None None None 2023-12-13 18:32:12 UTC
Red Hat Product Errata RHBA-2024:0031 0 None None None 2024-01-02 13:43:42 UTC
Red Hat Product Errata RHBA-2024:0063 0 None None None 2024-01-04 07:36:06 UTC
Red Hat Product Errata RHBA-2024:0064 0 None None None 2024-01-04 08:31:48 UTC
Red Hat Product Errata RHBA-2024:0099 0 None None None 2024-01-09 16:22:54 UTC
Red Hat Product Errata RHBA-2024:0109 0 None None None 2024-01-10 08:29:48 UTC
Red Hat Product Errata RHBA-2024:0311 0 None None None 2024-01-22 01:09:58 UTC
Red Hat Product Errata RHSA-2023:7545 0 None None None 2023-11-28 15:08:38 UTC
Red Hat Product Errata RHSA-2023:7579 0 None None None 2023-11-29 14:07:21 UTC
Red Hat Product Errata RHSA-2023:7580 0 None None None 2023-11-29 14:10:19 UTC
Red Hat Product Errata RHSA-2023:7581 0 None None None 2023-11-29 14:11:38 UTC
Red Hat Product Errata RHSA-2023:7616 0 None None None 2023-11-30 14:57:06 UTC
Red Hat Product Errata RHSA-2023:7656 0 None None None 2023-12-05 16:03:44 UTC
Red Hat Product Errata RHSA-2023:7666 0 None None None 2023-12-06 09:48:18 UTC
Red Hat Product Errata RHSA-2023:7667 0 None None None 2023-12-06 09:47:22 UTC
Red Hat Product Errata RHSA-2023:7694 0 None None None 2023-12-07 08:20:34 UTC
Red Hat Product Errata RHSA-2023:7695 0 None None None 2023-12-07 08:20:57 UTC
Red Hat Product Errata RHSA-2023:7714 0 None None None 2023-12-11 09:49:27 UTC
Red Hat Product Errata RHSA-2023:7770 0 None None None 2023-12-13 08:02:17 UTC
Red Hat Product Errata RHSA-2023:7771 0 None None None 2023-12-13 08:03:00 UTC
Red Hat Product Errata RHSA-2023:7772 0 None None None 2023-12-13 08:03:09 UTC
Red Hat Product Errata RHSA-2023:7778 0 None None None 2023-12-13 14:34:00 UTC
Red Hat Product Errata RHSA-2023:7783 0 None None None 2023-12-13 15:13:14 UTC
Red Hat Product Errata RHSA-2023:7784 0 None None None 2023-12-13 15:31:12 UTC
Red Hat Product Errata RHSA-2023:7785 0 None None None 2023-12-13 15:31:33 UTC
Red Hat Product Errata RHSA-2023:7786 0 None None None 2023-12-13 15:25:00 UTC
Red Hat Product Errata RHSA-2023:7788 0 None None None 2023-12-13 16:24:51 UTC
Red Hat Product Errata RHSA-2023:7789 0 None None None 2023-12-13 16:28:39 UTC
Red Hat Product Errata RHSA-2023:7790 0 None None None 2023-12-13 16:28:44 UTC
Red Hat Product Errata RHSA-2023:7878 0 None None None 2023-12-18 07:43:46 UTC
Red Hat Product Errata RHSA-2023:7883 0 None None None 2023-12-20 10:50:23 UTC
Red Hat Product Errata RHSA-2023:7884 0 None None None 2023-12-20 10:50:38 UTC
Red Hat Product Errata RHSA-2023:7885 0 None None None 2023-12-20 10:50:12 UTC
Red Hat Product Errata RHSA-2024:0304 0 None None None 2024-01-18 20:42:04 UTC
Red Hat Product Errata RHSA-2024:0332 0 None None None 2024-01-22 18:54:26 UTC
Red Hat Product Errata RHSA-2024:0337 0 None None None 2024-01-22 20:55:28 UTC

Description Avinash Hanwate 2023-10-31 04:11:50 UTC
While modifying certain SQL array values, missing overflow checks let authenticated database users write arbitrary bytes to a memory area that
facilitates arbitrary code execution.  Missing overflow checks also let authenticated database users read a wide area of server memory.  The CVE-2021-32027 fix covered some attacks of this description, but it missed others.

Comment 15 TEJ RATHI 2023-11-10 10:22:24 UTC
This CVE is public now (lifting embargo...)
https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/

Comment 16 TEJ RATHI 2023-11-10 11:23:34 UTC
Created mingw-postgresql tracking bugs for this issue:

Affects: fedora-all [bug 2249042]


Created postgresql tracking bugs for this issue:

Affects: fedora-all [bug 2249041]


Created postgresql:12/postgresql tracking bugs for this issue:

Affects: fedora-all [bug 2249043]


Created postgresql:13/postgresql tracking bugs for this issue:

Affects: fedora-all [bug 2249044]


Created postgresql:14/postgresql tracking bugs for this issue:

Affects: fedora-all [bug 2249045]


Created postgresql:15/postgresql tracking bugs for this issue:

Affects: fedora-all [bug 2249046]

Comment 19 errata-xmlrpc 2023-11-28 15:08:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2023:7545 https://access.redhat.com/errata/RHSA-2023:7545

Comment 20 errata-xmlrpc 2023-11-29 14:07:19 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2023:7579 https://access.redhat.com/errata/RHSA-2023:7579

Comment 21 errata-xmlrpc 2023-11-29 14:10:17 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:7580 https://access.redhat.com/errata/RHSA-2023:7580

Comment 22 errata-xmlrpc 2023-11-29 14:11:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:7581 https://access.redhat.com/errata/RHSA-2023:7581

Comment 23 errata-xmlrpc 2023-11-30 14:57:05 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2023:7616 https://access.redhat.com/errata/RHSA-2023:7616

Comment 25 errata-xmlrpc 2023-12-05 16:03:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2023:7656 https://access.redhat.com/errata/RHSA-2023:7656

Comment 26 errata-xmlrpc 2023-12-06 09:47:20 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:7667 https://access.redhat.com/errata/RHSA-2023:7667

Comment 27 errata-xmlrpc 2023-12-06 09:48:16 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:7666 https://access.redhat.com/errata/RHSA-2023:7666

Comment 28 errata-xmlrpc 2023-12-07 08:20:32 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:7694 https://access.redhat.com/errata/RHSA-2023:7694

Comment 29 errata-xmlrpc 2023-12-07 08:20:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:7695 https://access.redhat.com/errata/RHSA-2023:7695

Comment 30 errata-xmlrpc 2023-12-11 09:49:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:7714 https://access.redhat.com/errata/RHSA-2023:7714

Comment 31 errata-xmlrpc 2023-12-13 08:02:15 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7

Via RHSA-2023:7770 https://access.redhat.com/errata/RHSA-2023:7770

Comment 32 errata-xmlrpc 2023-12-13 08:02:57 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7

Via RHSA-2023:7772 https://access.redhat.com/errata/RHSA-2023:7772

Comment 33 errata-xmlrpc 2023-12-13 08:02:59 UTC
This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7

Via RHSA-2023:7771 https://access.redhat.com/errata/RHSA-2023:7771

Comment 34 errata-xmlrpc 2023-12-13 14:33:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions

Via RHSA-2023:7778 https://access.redhat.com/errata/RHSA-2023:7778

Comment 35 errata-xmlrpc 2023-12-13 15:13:12 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7

Via RHSA-2023:7783 https://access.redhat.com/errata/RHSA-2023:7783

Comment 36 errata-xmlrpc 2023-12-13 15:24:58 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2023:7786 https://access.redhat.com/errata/RHSA-2023:7786

Comment 37 errata-xmlrpc 2023-12-13 15:31:11 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:7784 https://access.redhat.com/errata/RHSA-2023:7784

Comment 38 errata-xmlrpc 2023-12-13 15:31:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2023:7785 https://access.redhat.com/errata/RHSA-2023:7785

Comment 39 errata-xmlrpc 2023-12-13 16:24:49 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support
  Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.2 Telecommunications Update Service

Via RHSA-2023:7788 https://access.redhat.com/errata/RHSA-2023:7788

Comment 40 errata-xmlrpc 2023-12-13 16:28:37 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2023:7789 https://access.redhat.com/errata/RHSA-2023:7789

Comment 41 errata-xmlrpc 2023-12-13 16:28:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:7790 https://access.redhat.com/errata/RHSA-2023:7790

Comment 42 errata-xmlrpc 2023-12-18 07:43:44 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.4 Telecommunications Update Service

Via RHSA-2023:7878 https://access.redhat.com/errata/RHSA-2023:7878

Comment 43 errata-xmlrpc 2023-12-20 10:50:11 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2023:7885 https://access.redhat.com/errata/RHSA-2023:7885

Comment 44 errata-xmlrpc 2023-12-20 10:50:22 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2023:7883 https://access.redhat.com/errata/RHSA-2023:7883

Comment 45 errata-xmlrpc 2023-12-20 10:50:36 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2023:7884 https://access.redhat.com/errata/RHSA-2023:7884

Comment 47 errata-xmlrpc 2024-01-18 20:42:02 UTC
This issue has been addressed in the following products:

  RHACS-3.74-RHEL-8

Via RHSA-2024:0304 https://access.redhat.com/errata/RHSA-2024:0304

Comment 48 errata-xmlrpc 2024-01-22 18:54:24 UTC
This issue has been addressed in the following products:

  RHACS-4.1-RHEL-8

Via RHSA-2024:0332 https://access.redhat.com/errata/RHSA-2024:0332

Comment 49 errata-xmlrpc 2024-01-22 20:55:27 UTC
This issue has been addressed in the following products:

  Red Hat Advanced Cluster Security 4.2

Via RHSA-2024:0337 https://access.redhat.com/errata/RHSA-2024:0337


Note You need to log in before you can comment on or make changes to this bug.