CVE-2023-5869 HIGH

CVE-2023-5869: PostgreSQL: buffer overrun from integer overflow in array modification

Vendor Red Hat
Product Red Hat Enterprise Linux 6
Weakness CWE-190
Published December 10, 2023
Last update March 11, 2026

CVSS base score

8.8/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01 Description

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.

Key dates

02 Disclosure timeline

December 10, 2023 CVE published
March 11, 2026 Record updated