BIT-postgresql-2023-5869

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/postgresql/BIT-postgresql-2023-5869.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-postgresql-2023-5869
Aliases
Published
2024-03-06T11:02:41.294Z
Modified
2024-03-06T11:25:28.861Z
Summary
[none]
Details

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.

References

Affected packages

Bitnami / postgresql

Package

Name
postgresql
Purl
pkg:bitnami/postgresql

Severity

  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
11.0.0
Fixed
11.22.0
Introduced
12.0.0
Fixed
12.17.0
Introduced
13.0.0
Fixed
13.13.0
Introduced
14.0.0
Fixed
14.10.0
Introduced
15.0.0
Fixed
15.5.0
Type
SEMVER
Events
Introduced
16.0.0
Last affected
16.0.0