CVE-2023-5869 - Vulnerability Details

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Postgresql	Postgresql
Redhat	Advanced Cluster Security Codeready Linux Builder Eus Codeready Linux Builder Eus For Power Little Endian Eus Codeready Linux Builder For Arm64 Eus Codeready Linux Builder For Ibm Z Systems Eus Codeready Linux Builder For Power Little Endian Eus Enterprise Linux Enterprise Linux Desktop Enterprise Linux Eus Enterprise Linux For Arm 64 Enterprise Linux For Ibm Z Systems Enterprise Linux For Ibm Z Systems Eus Enterprise Linux For Power Big Endian Enterprise Linux For Power Little Endian Enterprise Linux For Power Little Endian Eus Enterprise Linux For Scientific Computing Enterprise Linux Server Enterprise Linux Server Aus Enterprise Linux Server Tus Enterprise Linux Workstation Rhel Aus Rhel E4s Rhel Eus Rhel Software Collections Rhel Tus Software Collections

Configuration 1 [-]

OR	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql:16.0:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.0_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.0_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.0_s390x:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.0_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:::::::*
	cpe:2.3:a:redhat:software_collections:1.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

Package	CPE	Advisory	Released Date
Red Hat Advanced Cluster Security 4.2
advanced-cluster-security/rhacs-central-db-rhel8:4.2.4-6	cpe:/a:redhat:advanced_cluster_security:4.2::el8	RHSA-2024:0337	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-main-rhel8:4.2.4-6	cpe:/a:redhat:advanced_cluster_security:4.2::el8	RHSA-2024:0337	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-operator-bundle:4.2.4-7	cpe:/a:redhat:advanced_cluster_security:4.2::el8	RHSA-2024:0337	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-rhel8:4.2.4-6	cpe:/a:redhat:advanced_cluster_security:4.2::el8	RHSA-2024:0337	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.2.4-7	cpe:/a:redhat:advanced_cluster_security:4.2::el8	RHSA-2024:0337	2024-01-22T00:00:00Z
Red Hat Enterprise Linux 7
postgresql-0:9.2.24-9.el7_9	cpe:/o:redhat:enterprise_linux:7	RHSA-2023:7783	2023-12-13T00:00:00Z
Red Hat Enterprise Linux 8
postgresql:13-8090020231114113712.a75119d5	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:7581	2023-11-29T00:00:00Z
postgresql:12-8090020231128173330.a75119d5	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:7714	2023-12-11T00:00:00Z
postgresql:10-8090020231201202407.a75119d5	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:7790	2023-12-13T00:00:00Z
postgresql:15-8090020231114113548.a75119d5	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:7884	2023-12-20T00:00:00Z
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions
postgresql:10-8010020231130170510.c27ad7f8	cpe:/a:redhat:rhel_e4s:8.1	RHSA-2023:7778	2023-12-13T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
postgresql:12-8020020231128165246.4cda2c84	cpe:/a:redhat:rhel_aus:8.2	RHSA-2023:7667	2023-12-06T00:00:00Z
postgresql:10-8020020231201202149.4cda2c84	cpe:/a:redhat:rhel_aus:8.2	RHSA-2023:7788	2023-12-13T00:00:00Z
Red Hat Enterprise Linux 8.2 Telecommunications Update Service
postgresql:12-8020020231128165246.4cda2c84	cpe:/a:redhat:rhel_tus:8.2	RHSA-2023:7667	2023-12-06T00:00:00Z
postgresql:10-8020020231201202149.4cda2c84	cpe:/a:redhat:rhel_tus:8.2	RHSA-2023:7788	2023-12-13T00:00:00Z
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
postgresql:12-8020020231128165246.4cda2c84	cpe:/a:redhat:rhel_e4s:8.2	RHSA-2023:7667	2023-12-06T00:00:00Z
postgresql:10-8020020231201202149.4cda2c84	cpe:/a:redhat:rhel_e4s:8.2	RHSA-2023:7788	2023-12-13T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
postgresql:12-8040020231127153301.522a0ee4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2023:7694	2023-12-07T00:00:00Z
postgresql:13-8040020231127154806.522a0ee4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2023:7695	2023-12-07T00:00:00Z
postgresql:10-8040020231127142440.522a0ee4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2023:7878	2023-12-19T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
postgresql:12-8040020231127153301.522a0ee4	cpe:/a:redhat:rhel_tus:8.4	RHSA-2023:7694	2023-12-07T00:00:00Z
postgresql:13-8040020231127154806.522a0ee4	cpe:/a:redhat:rhel_tus:8.4	RHSA-2023:7695	2023-12-07T00:00:00Z
postgresql:10-8040020231127142440.522a0ee4	cpe:/a:redhat:rhel_tus:8.4	RHSA-2023:7878	2023-12-19T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
postgresql:12-8040020231127153301.522a0ee4	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2023:7694	2023-12-07T00:00:00Z
postgresql:13-8040020231127154806.522a0ee4	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2023:7695	2023-12-07T00:00:00Z
postgresql:10-8040020231127142440.522a0ee4	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2023:7878	2023-12-19T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
postgresql:13-8060020231114115246.ad008a3a	cpe:/a:redhat:rhel_eus:8.6	RHSA-2023:7580	2023-11-29T00:00:00Z
postgresql:12-8060020231128165328.ad008a3a	cpe:/a:redhat:rhel_eus:8.6	RHSA-2023:7666	2023-12-06T00:00:00Z
postgresql:10-8060020231201202249.ad008a3a	cpe:/a:redhat:rhel_eus:8.6	RHSA-2023:7789	2023-12-13T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
postgresql:13-8080020231114105206.63b34585	cpe:/a:redhat:rhel_eus:8.8	RHSA-2023:7579	2023-11-29T00:00:00Z
postgresql:12-8080020231128165335.63b34585	cpe:/a:redhat:rhel_eus:8.8	RHSA-2023:7656	2023-12-05T00:00:00Z
postgresql:10-8080020231201202316.63b34585	cpe:/a:redhat:rhel_eus:8.8	RHSA-2023:7786	2023-12-13T00:00:00Z
postgresql:15-8080020231113134015.63b34585	cpe:/a:redhat:rhel_eus:8.8	RHSA-2023:7883	2023-12-20T00:00:00Z
Red Hat Enterprise Linux 9
postgresql-0:13.13-1.el9_3	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:7784	2023-12-13T00:00:00Z
postgresql:15-9030020231120082734.rhel9	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:7785	2023-12-13T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
postgresql-0:13.13-1.el9_0	cpe:/a:redhat:rhel_eus:9.0	RHSA-2023:7545	2023-11-28T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
postgresql-0:13.13-1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2023:7616	2023-11-30T00:00:00Z
postgresql:15-9020020231115020618.rhel9	cpe:/a:redhat:rhel_eus:9.2	RHSA-2023:7885	2023-12-20T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7
rh-postgresql12-postgresql-0:12.17-1.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2023:7770	2023-12-13T00:00:00Z
rh-postgresql10-postgresql-0:10.23-2.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2023:7771	2023-12-13T00:00:00Z
rh-postgresql13-postgresql-0:13.13-1.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2023:7772	2023-12-13T00:00:00Z
RHACS-3.74-RHEL-8
advanced-cluster-security/rhacs-central-db-rhel8:3.74.8-9	cpe:/a:redhat:advanced_cluster_security:3.74::el8	RHSA-2024:0304	2024-01-18T00:00:00Z
advanced-cluster-security/rhacs-main-rhel8:3.74.8-9	cpe:/a:redhat:advanced_cluster_security:3.74::el8	RHSA-2024:0304	2024-01-18T00:00:00Z
advanced-cluster-security/rhacs-operator-bundle:3.74.8-7	cpe:/a:redhat:advanced_cluster_security:3.74::el8	RHSA-2024:0304	2024-01-18T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-rhel8:3.74.8-9	cpe:/a:redhat:advanced_cluster_security:3.74::el8	RHSA-2024:0304	2024-01-18T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-slim-rhel8:3.74.8-9	cpe:/a:redhat:advanced_cluster_security:3.74::el8	RHSA-2024:0304	2024-01-18T00:00:00Z
RHACS-4.1-RHEL-8
advanced-cluster-security/rhacs-central-db-rhel8:4.1.6-6	cpe:/a:redhat:advanced_cluster_security:4.1::el8	RHSA-2024:0332	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-main-rhel8:4.1.6-6	cpe:/a:redhat:advanced_cluster_security:4.1::el8	RHSA-2024:0332	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-operator-bundle:4.1.6-6	cpe:/a:redhat:advanced_cluster_security:4.1::el8	RHSA-2024:0332	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-rhel8:4.1.6-6	cpe:/a:redhat:advanced_cluster_security:4.1::el8	RHSA-2024:0332	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.1.6-6	cpe:/a:redhat:advanced_cluster_security:4.1::el8	RHSA-2024:0332	2024-01-22T00:00:00Z

References

Link	Providers
https://access.redhat.com/errata/RHSA-2023:7545
https://access.redhat.com/errata/RHSA-2023:7579
https://access.redhat.com/errata/RHSA-2023:7580
https://access.redhat.com/errata/RHSA-2023:7581
https://access.redhat.com/errata/RHSA-2023:7616
https://access.redhat.com/errata/RHSA-2023:7656
https://access.redhat.com/errata/RHSA-2023:7666
https://access.redhat.com/errata/RHSA-2023:7667
https://access.redhat.com/errata/RHSA-2023:7694
https://access.redhat.com/errata/RHSA-2023:7695
https://access.redhat.com/errata/RHSA-2023:7714
https://access.redhat.com/errata/RHSA-2023:7770
https://access.redhat.com/errata/RHSA-2023:7771
https://access.redhat.com/errata/RHSA-2023:7772
https://access.redhat.com/errata/RHSA-2023:7778
https://access.redhat.com/errata/RHSA-2023:7783
https://access.redhat.com/errata/RHSA-2023:7784
https://access.redhat.com/errata/RHSA-2023:7785
https://access.redhat.com/errata/RHSA-2023:7786
https://access.redhat.com/errata/RHSA-2023:7788
https://access.redhat.com/errata/RHSA-2023:7789
https://access.redhat.com/errata/RHSA-2023:7790
https://access.redhat.com/errata/RHSA-2023:7878
https://access.redhat.com/errata/RHSA-2023:7883
https://access.redhat.com/errata/RHSA-2023:7884
https://access.redhat.com/errata/RHSA-2023:7885
https://access.redhat.com/errata/RHSA-2024:0304
https://access.redhat.com/errata/RHSA-2024:0332
https://access.redhat.com/errata/RHSA-2024:0337
https://access.redhat.com/security/cve/CVE-2023-5869
https://bugzilla.redhat.com/show_bug.cgi?id=2247169
https://nvd.nist.gov/vuln/detail/CVE-2023-5869
https://security.netapp.com/advisory/ntap-20240119-0003/
https://www.cve.org/CVERecord?id=CVE-2023-5869
https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
https://www.postgresql.org/support/security/CVE-2023-5869/

History

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://security.netapp.com/advisory/ntap-20240119-0003/

Sat, 14 Sep 2024 00:45:00 +0000

Type	Values Removed	Values Added
References	https://security.netapp.com/advisory/ntap-20240119-0003/

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-12-10T17:56:57.131Z

Updated: 2024-11-15T15:11:34.563Z

Reserved: 2023-10-31T03:56:42.638Z

Link: CVE-2023-5869

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-12-10T18:15:07.410

Modified: 2024-11-21T08:42:40.427

Link: CVE-2023-5869

Redhat

Severity : Important

Publid Date: 2023-11-09T00:00:00Z

Links: CVE-2023-5869 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5869", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-10-31T03:56:42.638Z", "datePublished": "2023-12-10T17:56:57.131Z", "dateUpdated": "2024-11-15T15:11:34.563Z"}, "containers": {"cna": {"title": "Postgresql: buffer overrun from integer overflow in array modification", "metrics": [{"other": {"content": {"value": "Important", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-central-db-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.2.4-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.2::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-main-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.2.4-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.2::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "4.2.4-7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.2::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.2.4-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.2::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.2.4-7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.2::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql", "defaultStatus": "affected", "versions": [{"version": "0:9.2.24-9.el7_9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/o:redhat:enterprise_linux:7::client", "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::computenode", "cpe:/o:redhat:enterprise_linux:7::workstation"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:13", "defaultStatus": "affected", "versions": [{"version": "8090020231114113712.a75119d5", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8090020231128173330.a75119d5", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:10", "defaultStatus": "affected", "versions": [{"version": "8090020231201202407.a75119d5", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:15", "defaultStatus": "affected", "versions": [{"version": "8090020231114113548.a75119d5", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:10", "defaultStatus": "affected", "versions": [{"version": "8010020231130170510.c27ad7f8", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.1::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8020020231128165246.4cda2c84", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:10", "defaultStatus": "affected", "versions": [{"version": "8020020231201202149.4cda2c84", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8020020231128165246.4cda2c84", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:10", "defaultStatus": "affected", "versions": [{"version": "8020020231201202149.4cda2c84", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8020020231128165246.4cda2c84", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:10", "defaultStatus": "affected", "versions": [{"version": "8020020231201202149.4cda2c84", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8040020231127153301.522a0ee4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:13", "defaultStatus": "affected", "versions": [{"version": "8040020231127154806.522a0ee4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:10", "defaultStatus": "affected", "versions": [{"version": "8040020231127142440.522a0ee4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8040020231127153301.522a0ee4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:13", "defaultStatus": "affected", "versions": [{"version": "8040020231127154806.522a0ee4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:10", "defaultStatus": "affected", "versions": [{"version": "8040020231127142440.522a0ee4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8040020231127153301.522a0ee4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:13", "defaultStatus": "affected", "versions": [{"version": "8040020231127154806.522a0ee4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:10", "defaultStatus": "affected", "versions": [{"version": "8040020231127142440.522a0ee4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:13", "defaultStatus": "affected", "versions": [{"version": "8060020231114115246.ad008a3a", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.6::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8060020231128165328.ad008a3a", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.6::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:10", "defaultStatus": "affected", "versions": [{"version": "8060020231201202249.ad008a3a", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.6::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:13", "defaultStatus": "affected", "versions": [{"version": "8080020231114105206.63b34585", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8080020231128165335.63b34585", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:10", "defaultStatus": "affected", "versions": [{"version": "8080020231201202316.63b34585", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:15", "defaultStatus": "affected", "versions": [{"version": "8080020231113134015.63b34585", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql", "defaultStatus": "affected", "versions": [{"version": "0:13.13-1.el9_3", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:15", "defaultStatus": "affected", "versions": [{"version": "9030020231120082734.rhel9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql", "defaultStatus": "affected", "versions": [{"version": "0:13.13-1.el9_0", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.0::appstream", "cpe:/a:redhat:rhel_eus:9.0::crb"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql", "defaultStatus": "affected", "versions": [{"version": "0:13.13-1.el9_2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.2::crb", "cpe:/a:redhat:rhel_eus:9.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:15", "defaultStatus": "affected", "versions": [{"version": "9020020231115020618.rhel9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rh-postgresql12-postgresql", "defaultStatus": "affected", "versions": [{"version": "0:12.17-1.el7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_software_collections:3::el7"]}, {"vendor": "Red Hat", "product": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rh-postgresql10-postgresql", "defaultStatus": "affected", "versions": [{"version": "0:10.23-2.el7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_software_collections:3::el7"]}, {"vendor": "Red Hat", "product": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rh-postgresql13-postgresql", "defaultStatus": "affected", "versions": [{"version": "0:13.13-1.el7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_software_collections:3::el7"]}, {"vendor": "Red Hat", "product": "RHACS-3.74-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-central-db-rhel8", "defaultStatus": "affected", "versions": [{"version": "3.74.8-9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:3.74::el8"]}, {"vendor": "Red Hat", "product": "RHACS-3.74-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-main-rhel8", "defaultStatus": "affected", "versions": [{"version": "3.74.8-9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:3.74::el8"]}, {"vendor": "Red Hat", "product": "RHACS-3.74-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "3.74.8-7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:3.74::el8"]}, {"vendor": "Red Hat", "product": "RHACS-3.74-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8", "defaultStatus": "affected", "versions": [{"version": "3.74.8-9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:3.74::el8"]}, {"vendor": "Red Hat", "product": "RHACS-3.74-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", "defaultStatus": "affected", "versions": [{"version": "3.74.8-9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:3.74::el8"]}, {"vendor": "Red Hat", "product": "RHACS-4.1-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-central-db-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.1.6-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.1::el8"]}, {"vendor": "Red Hat", "product": "RHACS-4.1-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-main-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.1.6-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.1::el8"]}, {"vendor": "Red Hat", "product": "RHACS-4.1-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "4.1.6-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.1::el8"]}, {"vendor": "Red Hat", "product": "RHACS-4.1-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.1.6-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.1::el8"]}, {"vendor": "Red Hat", "product": "RHACS-4.1-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.1.6-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.1::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:16/postgresql", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:16/postgresql", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2023:7545", "name": "RHSA-2023:7545", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7579", "name": "RHSA-2023:7579", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7580", "name": "RHSA-2023:7580", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7581", "name": "RHSA-2023:7581", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7616", "name": "RHSA-2023:7616", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7656", "name": "RHSA-2023:7656", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7666", "name": "RHSA-2023:7666", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7667", "name": "RHSA-2023:7667", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7694", "name": "RHSA-2023:7694", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7695", "name": "RHSA-2023:7695", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7714", "name": "RHSA-2023:7714", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7770", "name": "RHSA-2023:7770", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7771", "name": "RHSA-2023:7771", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7772", "name": "RHSA-2023:7772", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7778", "name": "RHSA-2023:7778", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7783", "name": "RHSA-2023:7783", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7784", "name": "RHSA-2023:7784", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7785", "name": "RHSA-2023:7785", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7786", "name": "RHSA-2023:7786", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7788", "name": "RHSA-2023:7788", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7789", "name": "RHSA-2023:7789", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7790", "name": "RHSA-2023:7790", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7878", "name": "RHSA-2023:7878", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7883", "name": "RHSA-2023:7883", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7884", "name": "RHSA-2023:7884", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7885", "name": "RHSA-2023:7885", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0304", "name": "RHSA-2024:0304", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0332", "name": "RHSA-2024:0332", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0337", "name": "RHSA-2024:0337", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-5869", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247169", "name": "RHBZ#2247169", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/"}, {"url": "https://www.postgresql.org/support/security/CVE-2023-5869/"}], "datePublic": "2023-11-09T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-190", "description": "Integer Overflow or Wraparound", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-190: Integer Overflow or Wraparound", "workarounds": [{"lang": "en", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."}], "timeline": [{"lang": "en", "time": "2023-10-31T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-11-09T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Upstream acknowledges Pedro Gallegos as the original reporter."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-11-15T15:11:34.563Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:14:24.605Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2023:7545", "name": "RHSA-2023:7545", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7579", "name": "RHSA-2023:7579", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7580", "name": "RHSA-2023:7580", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7581", "name": "RHSA-2023:7581", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7616", "name": "RHSA-2023:7616", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7656", "name": "RHSA-2023:7656", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7666", "name": "RHSA-2023:7666", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7667", "name": "RHSA-2023:7667", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7694", "name": "RHSA-2023:7694", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7695", "name": "RHSA-2023:7695", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7714", "name": "RHSA-2023:7714", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7770", "name": "RHSA-2023:7770", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7771", "name": "RHSA-2023:7771", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7772", "name": "RHSA-2023:7772", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7778", "name": "RHSA-2023:7778", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7783", "name": "RHSA-2023:7783", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7784", "name": "RHSA-2023:7784", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7785", "name": "RHSA-2023:7785", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7786", "name": "RHSA-2023:7786", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7788", "name": "RHSA-2023:7788", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7789", "name": "RHSA-2023:7789", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7790", "name": "RHSA-2023:7790", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7878", "name": "RHSA-2023:7878", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7883", "name": "RHSA-2023:7883", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7884", "name": "RHSA-2023:7884", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7885", "name": "RHSA-2023:7885", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0304", "name": "RHSA-2024:0304", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0332", "name": "RHSA-2024:0332", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0337", "name": "RHSA-2024:0337", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-5869", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247169", "name": "RHBZ#2247169", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240119-0003/", "tags": ["x_transferred"]}, {"url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/", "tags": ["x_transferred"]}, {"url": "https://www.postgresql.org/support/security/CVE-2023-5869/", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D407A29-CAB0-425B-87B6-F2487FAE6B71", "versionEndExcluding": "11.22", "versionStartIncluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "13B24306-F52A-47E4-A7E4-EA7E46F850EF", "versionEndExcluding": "12.17", "versionStartIncluding": "12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA77ED73-60C6-4666-9355-7C28CD774001", "versionEndExcluding": "13.13", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F2D30CB-C04F-4B6A-8E82-7DDC98B10D21", "versionEndExcluding": "14.10", "versionStartIncluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8883865-D864-497D-B39C-90D3ACC6A932", "versionEndExcluding": "15.5", "versionStartIncluding": "15.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:16.0:*:*:*:*:*:*:*", "matchCriteriaId": "654E69F1-844B-4E32-9C3D-FA8032FB3A61", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "936B046D-ADEB-4701-8957-AC28CFA9C5C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "56CE19E2-F92D-4C36-9319-E6CD4766D0D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "056DABF5-0C1D-4EBA-B02B-443BACB20D6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:*:*:*:*:*:*:*", "matchCriteriaId": "02F08DBD-4BD0-408D-B817-04B2EB82137E", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.0_aarch64:*:*:*:*:*:*:*", "matchCriteriaId": "CDE46FD5-B415-49B7-BF2D-E76D068C3920", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*", "matchCriteriaId": "09AAD850-019A-46B8-A5A1-845DE048D30A", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "A4E39B04-D3E5-4106-8A8F-0C496FF9997F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "86034E5B-BCDD-4AFD-A460-38E790F608F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "7F6967B4-C62B-4252-B5C3-50532B9EA3FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "C2ED1251-245C-4390-8964-DDCAD54A8957", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9D7EE4B6-A6EC-4B9B-91DF-79615796673F", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "62C31522-0A17-4025-B269-855C7F4B45C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "4DDA3E5A-8754-4C48-9A27-E2415F8A6000", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "3F797F2E-00E6-4D03-A94E-524227529A0A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:*", "matchCriteriaId": "F7F8A347-0ACE-40E4-BF7B-656D66DDB425", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "2148300C-ECBD-4ED5-A164-79629859DD43", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "32AF225E-94C0-4D07-900C-DD868C05F554", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "B758EDC9-6421-422C-899E-A273D2936D8E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "22C65F53-D624-48A9-A9B7-4C78A31E19F9", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "0CC06C2A-64A5-4302-B754-A4DC0E12FE7C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "26041661-0280-4544-AA0A-BC28FCED4699", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*", "matchCriteriaId": "8BCF87FD-9358-42A5-9917-25DF0180A5A6", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "7A584AAA-A14F-4C64-8FED-675DC36F69A3", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "23D471AC-7DCA-4425-AD91-E5D928753A8C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "D9C30C59-07F7-4CCE-B057-052ECCD36DB8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "F91F9255-4EE1-43C7-8831-D2B6C228BFD9", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "62D3FD78-5B63-4A1B-B4EE-9B098844691E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "99952557-C766-4B9E-8BF5-DBBA194349FF", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "37CE1DC7-72C5-483C-8921-0B462C8284D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "F32CA554-F9D7-425B-8F1C-89678507F28C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en PostgreSQL que permite a los usuarios de bases de datos autenticados ejecutar c\u00f3digo arbitrario al faltar verificaciones de desbordamiento durante la modificaci\u00f3n del valor de la matriz SQL. Este problema existe debido a un desbordamiento de enteros durante la modificaci\u00f3n de la matriz, donde un usuario remoto puede desencadenar el desbordamiento proporcionando datos especialmente manipulados. Esto permite la ejecuci\u00f3n de c\u00f3digo arbitrario en el sistema de destino, lo que permite a los usuarios escribir bytes arbitrarios en la memoria y leer ampliamente la memoria del servidor."}], "id": "CVE-2023-5869", "lastModified": "2024-11-21T08:42:40.427", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-10T18:15:07.410", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7545"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7579"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7580"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7581"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7616"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7656"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7666"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7667"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7694"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7695"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7714"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7770"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7771"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7772"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7778"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7783"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2023:7784"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2023:7785"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2023:7786"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2023:7788"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2023:7789"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2023:7790"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2023:7878"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2023:7883"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2023:7884"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2023:7885"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0304"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0332"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0337"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-5869"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247169"}, {"source": "secalert@redhat.com", "tags": ["Release Notes"], "url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.postgresql.org/support/security/CVE-2023-5869/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7545"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7579"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7580"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7581"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7616"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7656"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7666"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7667"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7694"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7695"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7714"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7770"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7771"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7772"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7778"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7783"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2023:7784"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2023:7785"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2023:7786"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2023:7788"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2023:7789"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2023:7790"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2023:7878"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2023:7883"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2023:7884"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2023:7885"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:0304"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:0332"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:0337"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-5869"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247169"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240119-0003/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.postgresql.org/support/security/CVE-2023-5869/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Upstream acknowledges Pedro Gallegos as the original reporter.", "affected_release": [{"advisory": "RHSA-2024:0337", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.2::el8", "package": "advanced-cluster-security/rhacs-central-db-rhel8:4.2.4-6", "product_name": "Red Hat Advanced Cluster Security 4.2", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2024:0337", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.2::el8", "package": "advanced-cluster-security/rhacs-main-rhel8:4.2.4-6", "product_name": "Red Hat Advanced Cluster Security 4.2", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2024:0337", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.2::el8", "package": "advanced-cluster-security/rhacs-operator-bundle:4.2.4-7", "product_name": "Red Hat Advanced Cluster Security 4.2", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2024:0337", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.2::el8", "package": "advanced-cluster-security/rhacs-scanner-db-rhel8:4.2.4-6", "product_name": "Red Hat Advanced Cluster Security 4.2", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2024:0337", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.2::el8", "package": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.2.4-7", "product_name": "Red Hat Advanced Cluster Security 4.2", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2023:7783", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "postgresql-0:9.2.24-9.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2023-12-13T00:00:00Z"}, {"advisory": "RHSA-2023:7581", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "postgresql:13-8090020231114113712.a75119d5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-11-29T00:00:00Z"}, {"advisory": "RHSA-2023:7714", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "postgresql:12-8090020231128173330.a75119d5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-12-11T00:00:00Z"}, {"advisory": "RHSA-2023:7790", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "postgresql:10-8090020231201202407.a75119d5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-12-13T00:00:00Z"}, {"advisory": "RHSA-2023:7884", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "postgresql:15-8090020231114113548.a75119d5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-12-20T00:00:00Z"}, {"advisory": "RHSA-2023:7778", "cpe": "cpe:/a:redhat:rhel_e4s:8.1", "package": "postgresql:10-8010020231130170510.c27ad7f8", "product_name": "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions", "release_date": "2023-12-13T00:00:00Z"}, {"advisory": "RHSA-2023:7667", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "postgresql:12-8020020231128165246.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2023-12-06T00:00:00Z"}, {"advisory": "RHSA-2023:7788", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "postgresql:10-8020020231201202149.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2023-12-13T00:00:00Z"}, {"advisory": "RHSA-2023:7667", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "postgresql:12-8020020231128165246.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2023-12-06T00:00:00Z"}, {"advisory": "RHSA-2023:7788", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "postgresql:10-8020020231201202149.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2023-12-13T00:00:00Z"}, {"advisory": "RHSA-2023:7667", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "postgresql:12-8020020231128165246.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2023-12-06T00:00:00Z"}, {"advisory": "RHSA-2023:7788", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "postgresql:10-8020020231201202149.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2023-12-13T00:00:00Z"}, {"advisory": "RHSA-2023:7694", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "postgresql:12-8040020231127153301.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2023:7695", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "postgresql:13-8040020231127154806.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2023:7878", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "postgresql:10-8040020231127142440.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2023-12-19T00:00:00Z"}, {"advisory": "RHSA-2023:7694", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "postgresql:12-8040020231127153301.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2023:7695", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "postgresql:13-8040020231127154806.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2023:7878", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "postgresql:10-8040020231127142440.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2023-12-19T00:00:00Z"}, {"advisory": "RHSA-2023:7694", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "postgresql:12-8040020231127153301.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2023:7695", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "postgresql:13-8040020231127154806.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2023:7878", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "postgresql:10-8040020231127142440.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2023-12-19T00:00:00Z"}, {"advisory": "RHSA-2023:7580", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "postgresql:13-8060020231114115246.ad008a3a", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-11-29T00:00:00Z"}, {"advisory": "RHSA-2023:7666", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "postgresql:12-8060020231128165328.ad008a3a", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-12-06T00:00:00Z"}, {"advisory": "RHSA-2023:7789", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "postgresql:10-8060020231201202249.ad008a3a", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-12-13T00:00:00Z"}, {"advisory": "RHSA-2023:7579", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "postgresql:13-8080020231114105206.63b34585", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2023-11-29T00:00:00Z"}, {"advisory": "RHSA-2023:7656", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "postgresql:12-8080020231128165335.63b34585", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2023-12-05T00:00:00Z"}, {"advisory": "RHSA-2023:7786", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "postgresql:10-8080020231201202316.63b34585", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2023-12-13T00:00:00Z"}, {"advisory": "RHSA-2023:7883", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "postgresql:15-8080020231113134015.63b34585", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2023-12-20T00:00:00Z"}, {"advisory": "RHSA-2023:7784", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "postgresql-0:13.13-1.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-12-13T00:00:00Z"}, {"advisory": "RHSA-2023:7785", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "postgresql:15-9030020231120082734.rhel9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-12-13T00:00:00Z"}, {"advisory": "RHSA-2023:7545", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "postgresql-0:13.13-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2023-11-28T00:00:00Z"}, {"advisory": "RHSA-2023:7616", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "postgresql-0:13.13-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2023-11-30T00:00:00Z"}, {"advisory": "RHSA-2023:7885", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "postgresql:15-9020020231115020618.rhel9", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2023-12-20T00:00:00Z"}, {"advisory": "RHSA-2023:7770", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql12-postgresql-0:12.17-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2023-12-13T00:00:00Z"}, {"advisory": "RHSA-2023:7771", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql10-postgresql-0:10.23-2.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2023-12-13T00:00:00Z"}, {"advisory": "RHSA-2023:7772", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql13-postgresql-0:13.13-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2023-12-13T00:00:00Z"}, {"advisory": "RHSA-2024:0304", "cpe": "cpe:/a:redhat:advanced_cluster_security:3.74::el8", "package": "advanced-cluster-security/rhacs-central-db-rhel8:3.74.8-9", "product_name": "RHACS-3.74-RHEL-8", "release_date": "2024-01-18T00:00:00Z"}, {"advisory": "RHSA-2024:0304", "cpe": "cpe:/a:redhat:advanced_cluster_security:3.74::el8", "package": "advanced-cluster-security/rhacs-main-rhel8:3.74.8-9", "product_name": "RHACS-3.74-RHEL-8", "release_date": "2024-01-18T00:00:00Z"}, {"advisory": "RHSA-2024:0304", "cpe": "cpe:/a:redhat:advanced_cluster_security:3.74::el8", "package": "advanced-cluster-security/rhacs-operator-bundle:3.74.8-7", "product_name": "RHACS-3.74-RHEL-8", "release_date": "2024-01-18T00:00:00Z"}, {"advisory": "RHSA-2024:0304", "cpe": "cpe:/a:redhat:advanced_cluster_security:3.74::el8", "package": "advanced-cluster-security/rhacs-scanner-db-rhel8:3.74.8-9", "product_name": "RHACS-3.74-RHEL-8", "release_date": "2024-01-18T00:00:00Z"}, {"advisory": "RHSA-2024:0304", "cpe": "cpe:/a:redhat:advanced_cluster_security:3.74::el8", "package": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8:3.74.8-9", "product_name": "RHACS-3.74-RHEL-8", "release_date": "2024-01-18T00:00:00Z"}, {"advisory": "RHSA-2024:0332", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.1::el8", "package": "advanced-cluster-security/rhacs-central-db-rhel8:4.1.6-6", "product_name": "RHACS-4.1-RHEL-8", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2024:0332", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.1::el8", "package": "advanced-cluster-security/rhacs-main-rhel8:4.1.6-6", "product_name": "RHACS-4.1-RHEL-8", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2024:0332", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.1::el8", "package": "advanced-cluster-security/rhacs-operator-bundle:4.1.6-6", "product_name": "RHACS-4.1-RHEL-8", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2024:0332", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.1::el8", "package": "advanced-cluster-security/rhacs-scanner-db-rhel8:4.1.6-6", "product_name": "RHACS-4.1-RHEL-8", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2024:0332", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.1::el8", "package": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.1.6-6", "product_name": "RHACS-4.1-RHEL-8", "release_date": "2024-01-22T00:00:00Z"}], "bugzilla": {"description": "postgresql: Buffer overrun from integer overflow in array modification", "id": "2247169", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247169"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-190", "details": ["A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.", "A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory."], "mitigation": {"lang": "en:us", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."}, "name": "CVE-2023-5869", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "postgresql:16/postgresql", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "postgresql:16/postgresql", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-11-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-5869\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5869\nhttps://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/\nhttps://www.postgresql.org/support/security/CVE-2023-5869/"], "threat_severity": "Important"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object