Description
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.
Mitigation
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | postgresql | Out of support scope | | |
Red Hat Enterprise Linux 8 | postgresql:16/postgresql | Not affected | | |
Red Hat Enterprise Linux 9 | postgresql:16/postgresql | Not affected | | |
Red Hat Advanced Cluster Security 4.2 | advanced-cluster-security/rhacs-central-db-rhel8 | Fixed | RHSA-2024:0337 | 22.01.2024 |
Red Hat Advanced Cluster Security 4.2 | advanced-cluster-security/rhacs-main-rhel8 | Fixed | RHSA-2024:0337 | 22.01.2024 |
Red Hat Advanced Cluster Security 4.2 | advanced-cluster-security/rhacs-operator-bundle | Fixed | RHSA-2024:0337 | 22.01.2024 |
Red Hat Advanced Cluster Security 4.2 | advanced-cluster-security/rhacs-scanner-db-rhel8 | Fixed | RHSA-2024:0337 | 22.01.2024 |
Red Hat Advanced Cluster Security 4.2 | advanced-cluster-security/rhacs-scanner-db-slim-rhel8 | Fixed | RHSA-2024:0337 | 22.01.2024 |
Red Hat Enterprise Linux 7 | postgresql | Fixed | RHSA-2023:7783 | 13.12.2023 |
Red Hat Enterprise Linux 8 | postgresql | Fixed | RHSA-2023:7581 | 29.11.2023 |
Additional information
Status:
EPSS
CVSS3: 8.8 High