MEDIUM✓ PATCH🇵🇱 Wersja polska

CVE-2023-5868

CVSS 4.3v3.1pub. 2023-12-10upd. 2026-06-23

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
  • PostgreSQL

    APP
    Postgresql
    16.012.0 – 12.17 (bez)13.0 – 13.13 (bez)14.0 – 14.10 (bez)15.0 – 15.5 (bez)11.0 – 11.22 (bez)
  • Red Hat Codeready Linux Builder Eus

    APP
    Redhat
    9.2
  • Red Hat Codeready Linux Builder Eus For Power Little Endian Eus

    APP
    Redhat
    9.0_ppc64le9.2_ppc64le
  • Red Hat Codeready Linux Builder For Arm64 Eus

    APP
    Redhat
    8.6_aarch649.0_aarch649.2_aarch64
  • Red Hat Codeready Linux Builder For IBM Z Systems Eus

    APP
    Redhat
    9.0_s390x9.2_s390x
  • Red Hat Codeready Linux Builder For Power Little Endian Eus

    APP
    Redhat
    9.0_ppc64le9.2_ppc64le
  • Red Hat Enterprise Linux

    OS
    Redhat
    8.09.0
  • Red Hat Enterprise Linux Eus

    OS
    Redhat
    8.68.89.09.2
  • Red Hat Enterprise Linux For Arm 64

    OS
    Redhat
    8.08.8_aarch64
  • Red Hat Enterprise Linux For IBM Z Systems

    OS
    Redhat
    8.0_s390x
  • Red Hat Enterprise Linux For IBM Z Systems Eus

    OS
    Redhat
    8.6_s390x8.8_s390x9.0_s390x9.2_s390x
  • Red Hat Enterprise Linux For Power Little Endian

    OS
    Redhat
    8.0_ppc64le
  • Red Hat Enterprise Linux For Power Little Endian Eus

    OS
    Redhat
    8.6_ppc64le8.8_ppc64le9.0_ppc64le9.2_ppc64le
  • Red Hat Enterprise Linux Server Aus

    OS
    Redhat
    8.28.48.69.2
  • Red Hat Enterprise Linux Server Tus

    OS
    Redhat
    8.28.48.6
  • Red Hat Software Collections

    APP
    Redhat
    1.0
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2025-32463CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)

CVE-2021-40438CRITICAL9.0⚠ KEVten sam produkt

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remot...

CVE-2019-5544CRITICAL9.8⚠ KEVten sam produkt

OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the s...

CVE-2018-14667CRITICAL9.8⚠ KEVten sam produkt

The RichFaces Framework 3.X through 3.3.4 is vulnerable to Expression Language (EL) injection via the UserReso...

CVE-2016-3427CRITICAL9.8⚠ KEVten sam produkt

Unspecified vulnerability in Oracle Java SE 6u113, 7u99, and 8u77; Java SE Embedded 8u77; and JRockit R28.3.9 ...