Searching
..

Click anywhere to stop

KLA61933
Multiple vulnerabilities in PostgreSQL

Обновлено: 13/11/2023
Дата обнаружения
09/11/2023
Уровень угрозы
High
Описание

Multiple vulnerabilities were found in PostgreSQL. Malicious users can exploit these vulnerabilities to obtain sensitive information, cause denial of service.

Below is a complete list of vulnerabilities:

  1. Memory disclosure vulnerability in aggregate function calls can be exploited to obtain sensitive information.
  2. Buffer overrun vulnerability in array modification can be exploited to obtain sensitive information.
  3. Denial of service vulnerability can be exploited to cause denial of service.
Пораженные продукты

PostgreSQL 16.x earlier than 16.1
PostgreSQL 15.x earlier than 15.5
PostgreSQL 14.x earlier than 14.10
PostgreSQL 13.x earlier than 13.13
PostgreSQL 12.x earlier than 12.17
PostgreSQL 11.x earlier than 11.22

Решение

Update to the latest version
Download PostgreSQL

Первичный источник обнаружения
PostgreSQL: CVE-2023-5868: Memory disclosure in aggregate function calls
PostgreSQL: CVE-2023-5869: Buffer overrun from integer overflow in array modification
PostgreSQL: CVE-2023-5870: Role "pg_cancel_backend" can signal certain superuser processes
Оказываемое влияние
?
OSI 
[?]

DoS 
[?]
Связанные продукты
PostgreSQL
Узнай статистику распространения уязвимостей в твоем регионе