Cyber Resilience

CVE-2023-5869

High

Published: 10 December 2023

Modified
04 November 2025
KEV Added
Patch
CVSS Score v3.1 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0161 82.2th percentile
Risk Priority 19 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2023-5869 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in PostgreSQL. Its CVSS base score is 8.8 (High).

Operationally, it ranks in the top 17.8% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Versions
postgresql | postgresql | 16.0 · 11.0 — 11.22 · 12.0 — 12.17 · 13.0 — 13.13
redhat | codeready linux builder eus | 9.2
redhat | codeready linux builder eus for power little endian eus | 9.0_ppc64le, 9.2_ppc64le
redhat | codeready linux builder for arm64 eus | 8.6_aarch64, 9.0_aarch64, 9.2_aarch64
redhat | codeready linux builder for ibm z systems eus | 9.0_s390x, 9.2_s390x
redhat | codeready linux builder for power little endian eus | 9.0_ppc64le, 9.2_ppc64le
redhat | software collections | 1.0
redhat | enterprise linux | 8.0, 9.0
redhat | enterprise linux desktop | 7.0
redhat | enterprise linux eus | 8.6, 8.8, 9.0, 9.2
+11 more product configuration(s) — see NVD for full list

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References