Rapid7 Vulnerability & Exploit Database

Rocky Linux: CVE-2023-5869: postgresql-10 (Multiple Advisories)

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

Rocky Linux: CVE-2023-5869: postgresql-10 (Multiple Advisories)

Severity
4
CVSS
(AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published
12/10/2023
Created
03/07/2024
Added
03/05/2024
Modified
08/28/2024

Description

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.

Solution(s)

  • rocky-upgrade-pg_repack
  • rocky-upgrade-pg_repack-debuginfo
  • rocky-upgrade-pg_repack-debugsource
  • rocky-upgrade-pgaudit
  • rocky-upgrade-pgaudit-debuginfo
  • rocky-upgrade-pgaudit-debugsource
  • rocky-upgrade-postgres-decoderbufs
  • rocky-upgrade-postgres-decoderbufs-debuginfo
  • rocky-upgrade-postgres-decoderbufs-debugsource
  • rocky-upgrade-postgresql
  • rocky-upgrade-postgresql-contrib
  • rocky-upgrade-postgresql-contrib-debuginfo
  • rocky-upgrade-postgresql-debuginfo
  • rocky-upgrade-postgresql-debugsource
  • rocky-upgrade-postgresql-docs
  • rocky-upgrade-postgresql-docs-debuginfo
  • rocky-upgrade-postgresql-plperl
  • rocky-upgrade-postgresql-plperl-debuginfo
  • rocky-upgrade-postgresql-plpython3
  • rocky-upgrade-postgresql-plpython3-debuginfo
  • rocky-upgrade-postgresql-pltcl
  • rocky-upgrade-postgresql-pltcl-debuginfo
  • rocky-upgrade-postgresql-server
  • rocky-upgrade-postgresql-server-debuginfo
  • rocky-upgrade-postgresql-server-devel
  • rocky-upgrade-postgresql-server-devel-debuginfo
  • rocky-upgrade-postgresql-static
  • rocky-upgrade-postgresql-test
  • rocky-upgrade-postgresql-test-debuginfo
  • rocky-upgrade-postgresql-upgrade
  • rocky-upgrade-postgresql-upgrade-debuginfo
  • rocky-upgrade-postgresql-upgrade-devel
  • rocky-upgrade-postgresql-upgrade-devel-debuginfo

insightVM

Advanced vulnerability management analytics and reporting.
Key Features
  • Lightweight Endpoint Agent
  • Live Dashboards
  • Real Risk Prioritization
  • IT-Integrated Remediation Projects
  • Cloud, Virtual, and Container Assessment
  • Integrated Threat Feeds
  • Easy-to-Use RESTful API
  • Automation-Assisted Patching
  • Automated Containment
Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;