Cyber Resilience

CVE-2023-5868

Medium

Published: 10 December 2023

Modified: 04 November 2025
KEV Added: not listed
Patch:
CVSS Score v3.1: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
EPSS Score: 0.0272 (86.3rd percentile)
Risk Priority: 10 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2023-5868 is a medium-severity Function Call With Incorrect Argument Type (CWE-686) vulnerability in PostgreSQL (vendor: postgresql). Its CVSS v3.1 base score is 4.3 (Medium).

Operationally, it ranks in the top 13.7% of CVEs by EPSS exploit likelihood, and it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

postgresql / postgresql: 16.0; 11.0 to 11.22; 12.0 to 12.17; 13.0 to 13.13
redhat / codeready linux builder eus: 9.2
redhat / codeready linux builder eus for power little endian eus: 9.0_ppc64le, 9.2_ppc64le
redhat / codeready linux builder for arm64 eus: 8.6_aarch64, 9.0_aarch64, 9.2_aarch64
redhat / codeready linux builder for ibm z systems eus: 9.0_s390x, 9.2_s390x
redhat / codeready linux builder for power little endian eus: 9.0_ppc64le, 9.2_ppc64le
redhat / software collections: 1.0
redhat / enterprise linux: 8.0, 9.0
redhat / enterprise linux eus: 8.6, 8.8, 9.0, 9.2
redhat / enterprise linux for arm 64: 8.0, 8.8_aarch64
+6 more product configuration(s); see NVD for the full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References