CVE-2023-5869 Vulnerability Details

  /     /     /  

CVE-2023-5869 Metadata Quick Info

CVE Published: 10/12/2023 | CVE Updated: 15/11/2024 | CVE Year: 2023
Source: redhat | Vendor: Red Hat | Product: Red Hat Advanced Cluster Security 4.2
Status : PUBLISHED

---

CVE-2023-5869 Description

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server\'s memory.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-190
CWE Name: Integer Overflow or Wraparound
Source: Red Hat

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).