Launchpad CVE tracker

CVE 2023-5869

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.

Related bugs and status

CVE-2023-5869 (Candidate) is related to these bugs:

Bug #2040469: New upstream microreleases 12.17, 14.10, and 15.5

		In	Importance	Status
2040469	New upstream microreleases 12.17, 14.10, and 15.5	postgresql-12 (Ubuntu)	Undecided	Invalid
2040469	New upstream microreleases 12.17, 14.10, and 15.5	postgresql-14 (Ubuntu)	Undecided	Invalid
2040469	New upstream microreleases 12.17, 14.10, and 15.5	postgresql-15 (Ubuntu)	Undecided	Invalid
2040469	New upstream microreleases 12.17, 14.10, and 15.5	postgresql-15 (Ubuntu Noble)	Undecided	Invalid
2040469	New upstream microreleases 12.17, 14.10, and 15.5	postgresql-12 (Ubuntu Focal)	Undecided	Fix Released
2040469	New upstream microreleases 12.17, 14.10, and 15.5	postgresql-14 (Ubuntu Jammy)	Undecided	Fix Released
2040469	New upstream microreleases 12.17, 14.10, and 15.5	postgresql-15 (Ubuntu Mantic)	Undecided	Fix Released
2040469	New upstream microreleases 12.17, 14.10, and 15.5	postgresql-15 (Ubuntu Lunar)	Undecided	Fix Released

Bug #2043435: [Debian] High CVE: CVE-2023-5868/CVE-2023-5869/CVE-2023-5870/CVE-2023-39417 postgresql-13 : multiple CVEs

Summary				In	Importance	Status
	2043435	[Debian] High CVE: CVE-2023-5868/CVE-2023-5869/CVE-2023-5870/CVE-2023-39417 postgresql-13 : multiple CVEs		StarlingX	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2023-5869

References