Launchpad CVE tracker

CVE 2023-5868

A memory disclosure vulnerability was found in PostgreSQL that allows remote users to access sensitive information by exploiting certain aggregate function calls with 'unknown'-type arguments. Handling 'unknown'-type values from string literals without type designation can disclose bytes, potentially revealing notable and confidential information. This issue exists due to excessive data output in aggregate function calls, enabling remote users to read some portion of system memory.

Related bugs and status

CVE-2023-5868 (Candidate) is related to these bugs:

Bug #2040469: New upstream microreleases 12.17, 14.10, and 15.5

		In	Importance	Status
2040469	New upstream microreleases 12.17, 14.10, and 15.5	postgresql-12 (Ubuntu)	Undecided	Invalid
2040469	New upstream microreleases 12.17, 14.10, and 15.5	postgresql-14 (Ubuntu)	Undecided	Invalid
2040469	New upstream microreleases 12.17, 14.10, and 15.5	postgresql-15 (Ubuntu)	Undecided	Invalid
2040469	New upstream microreleases 12.17, 14.10, and 15.5	postgresql-15 (Ubuntu Noble)	Undecided	Invalid
2040469	New upstream microreleases 12.17, 14.10, and 15.5	postgresql-12 (Ubuntu Focal)	Undecided	Fix Released
2040469	New upstream microreleases 12.17, 14.10, and 15.5	postgresql-14 (Ubuntu Jammy)	Undecided	Fix Released
2040469	New upstream microreleases 12.17, 14.10, and 15.5	postgresql-15 (Ubuntu Mantic)	Undecided	Fix Released
2040469	New upstream microreleases 12.17, 14.10, and 15.5	postgresql-15 (Ubuntu Lunar)	Undecided	Fix Released

Bug #2043435: [Debian] High CVE: CVE-2023-5868/CVE-2023-5869/CVE-2023-5870/CVE-2023-39417 postgresql-13 : multiple CVEs

Summary				In	Importance	Status
	2043435	[Debian] High CVE: CVE-2023-5868/CVE-2023-5869/CVE-2023-5870/CVE-2023-39417 postgresql-13 : multiple CVEs		StarlingX	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2023-5868

References