CVE-2023-5868
Published: 10 December 2023
Summary
CVE-2023-5868 is a medium-severity Function Call With Incorrect Argument Type (CWE-686) vulnerability in PostgreSQL. Its CVSS base score is 4.3 (Medium).
Operationally, it is ranked in the top 13.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-58142
Vulnerability details
A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.