KLA61933
Multiple vulnerabilities in PostgreSQL

Updated: 11/13/2023

Detect date ?	11/09/2023
Severity ?	High
Description	Multiple vulnerabilities were found in PostgreSQL. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service. Below is a complete list of vulnerabilities: Memory disclosure vulnerability in aggregate function calls can be exploited to obtain sensitive information. Buffer overrun vulnerability in array modification can be exploited to obtain sensitive information. Denial of service vulnerability can be exploited to cause denial of service.
Affected products	PostgreSQL 16.x earlier than 16.1 PostgreSQL 15.x earlier than 15.5 PostgreSQL 14.x earlier than 14.10 PostgreSQL 13.x earlier than 13.13 PostgreSQL 12.x earlier than 12.17 PostgreSQL 11.x earlier than 11.22
Solution	Update to the latest version Download PostgreSQL
Original advisories	PostgreSQL: CVE-2023-5868: Memory disclosure in aggregate function calls PostgreSQL: CVE-2023-5869: Buffer overrun from integer overflow in array modification PostgreSQL: CVE-2023-5870: Role “pg_cancel_backend” can signal certain superuser processes
Impacts ?	OSI [?] DoS [?]
Related products	PostgreSQL
	Find out the statistics of the vulnerabilities spreading in your region

KLA61933Multiple vulnerabilities in PostgreSQL