CVE-2023-5868 MEDIUM

CVE-2023-5868: Postgresql: memory disclosure in aggregate function calls

Vendor Red Hat
Product Red Hat Enterprise Linux 6
Weakness CWE-686
Published December 10, 2023
Last update March 12, 2026

CVSS base score

4.3/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.

Key dates

02Disclosure timeline

December 10, 2023 CVE published
March 12, 2026 Record updated