KLA49176
Multiple vulnerabilities in PostgreSQL

Updated: 05/19/2023
Detect date
?
05/11/2023
Severity
?
High
Description

Multiple vulnerabilities were found in PostgreSQL. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code.

Below is a complete list of vulnerabilities:

  1. Information disclosure vulnerability in Core server can be exploited remotely to obtain sensitive information.
  2. Remote code execution vulnerability in Core server can be exploited remotely to execute arbitrary code.
Affected products

PostgreSQL 15.x earlier than 15.3
PostgreSQL 14.x earlier than 14.8
PostgreSQL 13.x earlier than 13.11
PostgreSQL 12.x earlier than 12.15
PostgreSQL 11.x earlier than 11.20

Solution

Update to the latest version
Download PostgreSQL

Original advisories

PostgreSQL: CVE-2023-2454
PostgreSQL: CVE-2023-2455

Impacts
?
ACE 
[?]

OSI 
[?]
Related products
PostgreSQL
Find out the statistics of the vulnerabilities spreading in your region