CVE-2023-5869

PostgreSQL: buffer overrun from integer overflow in array modification

Published: 12/10/2023 Last updated: 11/6/2025 Reserved: 10/31/2023

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version Score Severity Vector String
3.1 8.8 High CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Opam packages affected (5)

conf-mingw-w64-postgresql-i686 conf-mingw-w64-postgresql-x86_64 conf-postgresql ocsigen-start postgresql

Products affected (89)

Product Vendor Version
RHACS-3.74-RHEL-8 Red Hat < 13.3
RHACS-4.1-RHEL-8 Red Hat < publication
RHACS-4.1-RHEL-8 Red Hat 1.0.0.14(4656)
RHACS-3.74-RHEL-8 Red Hat 15.2(1)E3
Red Hat Advanced Cluster Security 4.2 Red Hat n/a
Red Hat Advanced Cluster Security 4.2 Red Hat WCN6856
RHACS-3.74-RHEL-8 Red Hat unspecified
Red Hat Advanced Cluster Security 4.2 Red Hat 15.2(4)M8
RHACS-3.74-RHEL-8 Red Hat n/a
Red Hat Advanced Cluster Security 4.2 Red Hat 2016 (Core installation)
RHACS-4.1-RHEL-8 Red Hat unspecified
RHACS-4.1-RHEL-8 Red Hat < 16.4
RHACS-4.1-RHEL-8 Red Hat 3.8.0S
Red Hat Advanced Cluster Security 4.2 Red Hat n/a
RHACS-3.74-RHEL-8 Red Hat 3.7.7S
RHACS-3.74-RHEL-8 Red Hat < 6.3.9600.20571
RHACS-3.74-RHEL-8 Red Hat < ComboAM4v2PI 1.2.0.cb
RHACS-4.1-RHEL-8 Red Hat < 12.0
Red Hat Advanced Cluster Security 4.2 Red Hat < 17.2.16
Red Hat Advanced Cluster Security 4.2 Red Hat < a1ad124c836816fac8bd5e461d36eaf33cee4e24
Red Hat Advanced Cluster Security 4.2 Red Hat < 6.1.7601.26115
Red Hat Advanced Cluster Security 4.2 Red Hat 15.0(2)SG2
RHACS-4.1-RHEL-8 Red Hat < 2021
RHACS-3.74-RHEL-8 Red Hat n/a
RHACS-3.74-RHEL-8 Red Hat < CastlePeakPI-SP3r3 1.0.0.B
Red Hat Enterprise Linux 7 Red Hat 15.0(2)SG6
Red Hat Enterprise Linux 7 Red Hat version 1803 (Core Installation)
Red Hat Enterprise Linux 9.2 Extended Update Support Red Hat 12.2(33)SCH6
Red Hat Enterprise Linux 6 Red Hat Spring Framework (6.0.0 to 6.0.6, 5.3.0 to 5.3.25, 5.2.0.RELEASE to 5.2.22.RELEASE, Older unsupported versions are also affected)
Red Hat Enterprise Linux 9.0 Extended Update Support Red Hat Lantronix PremierWave 2050 8.9.0.0R4 (in QEMU)
Red Hat Enterprise Linux 9 Red Hat various
Red Hat Enterprise Linux 6 Red Hat 3.9.0aS
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat 11.6
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Red Hat n/a
Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat n/a
Red Hat Enterprise Linux 8.2 Telecommunications Update Service Red Hat < 17.0.22
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat 2008 for Itanium-Based Systems Service Pack 2
Red Hat Enterprise Linux 8.4 Telecommunications Update Service Red Hat < 6.2.9200.23865
Red Hat Enterprise Linux 8.6 Extended Update Support Red Hat dev master commit 3f7c0364
Red Hat Enterprise Linux 8.8 Extended Update Support Red Hat < 17.6.3
Red Hat Enterprise Linux 8 Red Hat 15.0(1)EX
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Red Hat 15.0(2)EX13
Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat n/a
Red Hat Enterprise Linux 8.2 Telecommunications Update Service Red Hat < 12.6
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat 15.1(1)SY4
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat 9.0
Red Hat Enterprise Linux 8.4 Telecommunications Update Service Red Hat 15.2(7)E1a
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat 15.2(7)E6
Red Hat Enterprise Linux 8.6 Extended Update Support Red Hat 15.4(2)T1
Red Hat Enterprise Linux 8.8 Extended Update Support Red Hat 12.2(33)SCH2
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat n/a
Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat < 1.0.4
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat n/a
Red Hat Enterprise Linux 8.2 Telecommunications Update Service Red Hat 12.2(33)SCG3
Red Hat Enterprise Linux 8.2 Telecommunications Update Service Red Hat < 6.2.9200.23865
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions Red Hat 15.1(1)SY1
Red Hat Enterprise Linux 8.2 Advanced Update Support Red Hat 2019 (Core installation)
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat 15.1(2)SY4a
Red Hat Enterprise Linux 8.4 Telecommunications Update Service Red Hat 15.3(3)S
Red Hat Enterprise Linux 8 Red Hat n/a
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat 15.2(7)E4
Red Hat Enterprise Linux 8.6 Extended Update Support Red Hat n/a
Red Hat Enterprise Linux 8.8 Extended Update Support Red Hat various
Red Hat Enterprise Linux 8.4 Telecommunications Update Service Red Hat 2008 for x64-based Systems Service Pack 2
Red Hat Enterprise Linux 8.8 Extended Update Support Red Hat unspecified
Red Hat Enterprise Linux 8 Red Hat 12.4(24)MDB15
Red Hat Enterprise Linux 8.6 Extended Update Support Red Hat 15.2(8)E3
Red Hat Enterprise Linux 8.8 Extended Update Support Red Hat 15.2(6)EB
Red Hat Enterprise Linux 8 Red Hat < 4569
Red Hat Enterprise Linux 8.6 Extended Update Support Red Hat 6.0.4
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat 2008 for x64-based Systems Service Pack 2 (Core installation)
Red Hat Enterprise Linux 8.4 Telecommunications Update Service Red Hat < 17.4.8
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat 1.0
Red Hat Enterprise Linux 8.4 Telecommunications Update Service Red Hat 15.2(7)E2
Red Hat Enterprise Linux 8 Red Hat n/a
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat 2008 for 32-bit Systems Service Pack 2
Red Hat Enterprise Linux 8 Red Hat 2019
Red Hat Enterprise Linux 8.8 Extended Update Support Red Hat < 6.3.9600.20571
Red Hat Enterprise Linux 8 Red Hat < 1.0.2
Red Hat Enterprise Linux 9 Red Hat < publication
Red Hat Enterprise Linux 9.2 Extended Update Support Red Hat unspecified
Red Hat Enterprise Linux 8.8 Extended Update Support Red Hat 12.2(33)SCH3
Red Hat Enterprise Linux 9 Red Hat < 12.6
Red Hat Enterprise Linux 8 Red Hat 2.04.02 and prior
Red Hat Enterprise Linux 9 Red Hat 15.2(5)E1
Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat < 6.10.0.185964
Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat 25.2.0
Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat < 7.3.5
Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat < ComboAM4v2PI 1.2.0.cb

References (136)

Credits (2)