Уязвимость CVE-2023-5869: Информация

Описание

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.

Важность: HIGH (8,8) Вектор: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2023-5869
Опубликовано: 10 декабря 2023 г.
Изменено: 25 января 2024 г.
Идентификатор типа ошибки: CWE-190

Исправленные пакеты

Имя пакета
Ветка
Исправлено в версии
Версия в репозитории
Errata ID
№ Задания
Состояние
postgresql11p1011.22-alt0.p10.111.22-alt0.p10.3ALT-PU-2023-7086-4333972Исправлено
postgresql11p10_e2k11.22-alt0.p10.111.22-alt0.p10.1ALT-PU-2023-7587-1-Исправлено
postgresql11p911.22-alt0.M90P.111.22-alt0.M90P.1ALT-PU-2023-7481-2333985Исправлено
postgresql11c10f111.22-alt0.p10.111.22-alt0.p10.1ALT-PU-2023-8223-2336885Исправлено
postgresql11c9f211.22-alt0.M90P.111.22-alt0.M90P.1ALT-PU-2023-7083-2333990Исправлено
postgresql12sisyphus12.17-alt112.19-alt3ALT-PU-2023-7059-1333881Исправлено
postgresql12sisyphus_e2k12.17-alt112.19-alt3ALT-PU-2023-7146-1-Исправлено
postgresql12sisyphus_riscv6412.17-alt212.19-alt3ALT-PU-2023-7198-1-Исправлено
postgresql12p1012.17-alt0.p10.112.19-alt0.p10.3ALT-PU-2023-7087-4333972Исправлено
postgresql12p10_e2k12.17-alt0.p10.112.19-alt0.p10.1ALT-PU-2023-7588-1-Исправлено
postgresql12p912.17-alt0.M90P.112.19-alt0.M90P.1ALT-PU-2023-7480-2333985Исправлено
postgresql12c10f112.17-alt0.p10.112.19-alt0.p10.1ALT-PU-2023-8221-2336885Исправлено
postgresql12c9f212.17-alt0.M90P.112.18-alt0.c9f2.1ALT-PU-2023-7082-2333990Исправлено
postgresql12p1112.17-alt112.19-alt3ALT-PU-2023-7059-1333881Исправлено
postgresql12-1Cp912.17-alt0.M90P.112.19-alt0.M90P.1ALT-PU-2023-7479-2333985Исправлено
postgresql12-1Cc9f212.17-alt0.M90P.112.17-alt0.c9f2.2ALT-PU-2023-7081-2333990Исправлено
postgresql13sisyphus13.13-alt113.15-alt3ALT-PU-2023-7057-1333881Исправлено
postgresql13sisyphus_e2k13.13-alt113.15-alt3ALT-PU-2023-7147-1-Исправлено
postgresql13sisyphus_riscv6413.13-alt213.15-alt3ALT-PU-2023-7173-1-Исправлено
postgresql13p1013.13-alt0.p10.113.15-alt0.p10.3ALT-PU-2023-7088-4333972Исправлено
postgresql13p10_e2k13.13-alt0.p10.113.15-alt0.p10.1ALT-PU-2023-7589-1-Исправлено
postgresql13c10f113.13-alt0.p10.113.15-alt0.p10.1ALT-PU-2023-8224-2336885Исправлено
postgresql13p1113.13-alt113.15-alt3ALT-PU-2023-7057-1333881Исправлено
postgresql14sisyphus14.10-alt114.12-alt3ALT-PU-2023-7062-1333881Исправлено
postgresql14sisyphus_e2k14.10-alt114.12-alt3ALT-PU-2023-7148-1-Исправлено
postgresql14sisyphus_riscv6414.10-alt214.12-alt3ALT-PU-2023-7174-1-Исправлено
postgresql14p1014.10-alt0.p10.114.12-alt0.p10.3ALT-PU-2023-7089-4333972Исправлено
postgresql14p10_e2k14.10-alt0.p10.114.12-alt0.p10.1ALT-PU-2023-7590-1-Исправлено
postgresql14c10f114.10-alt0.p10.114.12-alt0.p10.1ALT-PU-2023-8225-2336885Исправлено
postgresql14p1114.10-alt114.12-alt3ALT-PU-2023-7062-1333881Исправлено
postgresql15sisyphus15.5-alt115.7-alt3ALT-PU-2023-7060-1333881Исправлено
postgresql15sisyphus_e2k15.5-alt115.7-alt3ALT-PU-2023-7149-1-Исправлено
postgresql15sisyphus_riscv6415.5-alt115.7-alt3ALT-PU-2023-7763-1-Исправлено
postgresql15p1015.5-alt0.p10.115.7-alt0.p10.3ALT-PU-2023-7090-4333972Исправлено
postgresql15p10_e2k15.5-alt0.p10.115.7-alt0.p10.1ALT-PU-2023-7591-1-Исправлено
postgresql15c10f115.5-alt0.c10.115.7-alt0.c10f1.1ALT-PU-2023-8222-2336885Исправлено
postgresql15p1115.5-alt115.7-alt3ALT-PU-2023-7060-1333881Исправлено
postgresql15-1Cp1015.5-alt0.p10.215.7-alt0.p10.3ALT-PU-2023-7207-2333972Исправлено
postgresql15-1Cp10_e2k15.5-alt0.p10.215.7-alt0.p10.1ALT-PU-2023-7592-1-Исправлено
postgresql15-1Cc10f115.5-alt0.p10.215.7-alt0.p10.1ALT-PU-2023-8226-2336885Исправлено
postgresql16sisyphus16.1-alt116.3-alt3ALT-PU-2023-7061-1333881Исправлено
postgresql16sisyphus_e2k16.1-alt216.3-alt3ALT-PU-2023-7145-1-Исправлено
postgresql16sisyphus_riscv6416.1-alt216.3-alt3ALT-PU-2023-7196-1-Исправлено
postgresql16p1016.1-alt116.3-alt0.p10.3ALT-PU-2023-7061-1333881Исправлено
postgresql16p1116.1-alt116.3-alt3ALT-PU-2023-7061-1333881Исправлено

Ссылки на рекомендации, решения и инструменты

Ссылка
Ресурс
RHSA-2023:7545
  • Third Party Advisory
RHSA-2023:7579
  • Third Party Advisory
RHSA-2023:7580
  • Third Party Advisory
RHSA-2023:7581
  • Third Party Advisory
RHSA-2023:7616
  • Third Party Advisory
RHSA-2023:7656
  • Third Party Advisory
RHSA-2023:7666
  • Third Party Advisory
RHSA-2023:7667
  • Third Party Advisory
RHSA-2023:7694
  • Third Party Advisory
RHSA-2023:7695
  • Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-5869
  • Third Party Advisory
RHBZ#2247169
  • Issue Tracking
https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
  • Release Notes
https://www.postgresql.org/support/security/CVE-2023-5869/
  • Vendor Advisory
RHSA-2023:7714
  • Third Party Advisory
RHSA-2023:7770
  • Third Party Advisory
RHSA-2023:7771
  • Third Party Advisory
RHSA-2023:7772
  • Third Party Advisory
RHSA-2023:7778
  • Third Party Advisory
RHSA-2023:7783
  • Third Party Advisory
RHSA-2023:7784
    RHSA-2023:7785
      RHSA-2023:7786
        RHSA-2023:7788
          RHSA-2023:7789
            RHSA-2023:7790
              RHSA-2023:7878
                RHSA-2023:7883
                  RHSA-2023:7884
                    RHSA-2023:7885
                      RHSA-2024:0304
                        https://security.netapp.com/advisory/ntap-20240119-0003/
                          RHSA-2024:0332
                            RHSA-2024:0337

                                1. Конфигурация 1

                                  cpe:2.3:a:postgresql:postgresql:16.0:*:*:*:*:*:*:*
                                  cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
                                  Start including
                                  15.0
                                  End excliding
                                  15.5
                                  cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
                                  Start including
                                  14.0
                                  End excliding
                                  14.10
                                  cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
                                  Start including
                                  13.0
                                  End excliding
                                  13.13
                                  cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
                                  Start including
                                  12.0
                                  End excliding
                                  12.17
                                  cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
                                  Start including
                                  11.0
                                  End excliding
                                  11.22

                                  Конфигурация 2

                                  cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
                                  cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
                                  cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*
                                  cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
                                  cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
                                  cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
                                  cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
                                  cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
                                  cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
                                  cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
                                  cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
                                  cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
                                  cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
                                  cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
                                  cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*
                                  cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
                                  cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*
                                  cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*
                                  cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*
                                  cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
                                  cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*
                                  cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
                                  cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
                                  cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*
                                  cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*
                                  cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*
                                  cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*
                                  cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*
                                  cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*
                                  cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*
                                  cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*
                                  cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*
                                  cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*
                                  cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0_ppc64le:*:*:*:*:*:*:*
                                  cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0_ppc64:*:*:*:*:*:*:*
                                  cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*
                                  cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*
                                  cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*
                                  cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.0_aarch64:*:*:*:*:*:*:*
                                  cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*
                                  cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:*:*:*:*:*:*:*
                                  cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*
                                  cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:*
                              VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                              Версия: v24.5.3
                              Наверх