CVE-2023-5869
📋 TL;DR
This CVE-2023-5869 vulnerability in PostgreSQL allows authenticated database users to execute arbitrary code on the server through an integer overflow when modifying SQL arrays. Attackers can write arbitrary bytes to memory and read server memory, potentially leading to full system compromise. All PostgreSQL deployments with authenticated users are affected.
💻 Affected Systems
- PostgreSQL
📦 What is this software?
Codeready Linux Builder Eus For Power Little Endian Eus by Redhat
View all CVEs affecting Codeready Linux Builder Eus For Power Little Endian Eus →
Codeready Linux Builder Eus For Power Little Endian Eus by Redhat
View all CVEs affecting Codeready Linux Builder Eus For Power Little Endian Eus →
Codeready Linux Builder For Arm64 Eus by Redhat
View all CVEs affecting Codeready Linux Builder For Arm64 Eus →
Codeready Linux Builder For Arm64 Eus by Redhat
View all CVEs affecting Codeready Linux Builder For Arm64 Eus →
Codeready Linux Builder For Arm64 Eus by Redhat
View all CVEs affecting Codeready Linux Builder For Arm64 Eus →
Codeready Linux Builder For Ibm Z Systems Eus by Redhat
View all CVEs affecting Codeready Linux Builder For Ibm Z Systems Eus →
Codeready Linux Builder For Ibm Z Systems Eus by Redhat
View all CVEs affecting Codeready Linux Builder For Ibm Z Systems Eus →
Codeready Linux Builder For Power Little Endian Eus by Redhat
View all CVEs affecting Codeready Linux Builder For Power Little Endian Eus →
Codeready Linux Builder For Power Little Endian Eus by Redhat
View all CVEs affecting Codeready Linux Builder For Power Little Endian Eus →
Enterprise Linux For Ibm Z Systems by Redhat
View all CVEs affecting Enterprise Linux For Ibm Z Systems →
Enterprise Linux For Ibm Z Systems by Redhat
View all CVEs affecting Enterprise Linux For Ibm Z Systems →
Enterprise Linux For Ibm Z Systems Eus by Redhat
View all CVEs affecting Enterprise Linux For Ibm Z Systems Eus →
Enterprise Linux For Ibm Z Systems Eus by Redhat
View all CVEs affecting Enterprise Linux For Ibm Z Systems Eus →
Enterprise Linux For Ibm Z Systems Eus by Redhat
View all CVEs affecting Enterprise Linux For Ibm Z Systems Eus →
Enterprise Linux For Ibm Z Systems Eus by Redhat
View all CVEs affecting Enterprise Linux For Ibm Z Systems Eus →
Enterprise Linux For Power Big Endian by Redhat
View all CVEs affecting Enterprise Linux For Power Big Endian →
Enterprise Linux For Power Little Endian by Redhat
View all CVEs affecting Enterprise Linux For Power Little Endian →
Enterprise Linux For Power Little Endian by Redhat
View all CVEs affecting Enterprise Linux For Power Little Endian →
Enterprise Linux For Power Little Endian Eus by Redhat
View all CVEs affecting Enterprise Linux For Power Little Endian Eus →
Enterprise Linux For Power Little Endian Eus by Redhat
View all CVEs affecting Enterprise Linux For Power Little Endian Eus →
Enterprise Linux For Power Little Endian Eus by Redhat
View all CVEs affecting Enterprise Linux For Power Little Endian Eus →
Enterprise Linux For Power Little Endian Eus by Redhat
View all CVEs affecting Enterprise Linux For Power Little Endian Eus →
Enterprise Linux For Scientific Computing by Redhat
View all CVEs affecting Enterprise Linux For Scientific Computing →
Postgresql by Postgresql
Postgresql by Postgresql
Postgresql by Postgresql
Postgresql by Postgresql
Postgresql by Postgresql
Postgresql by Postgresql
⚠️ Risk & Real-World Impact
Worst Case
Full remote code execution leading to complete system takeover, data exfiltration, and lateral movement within the network.
Likely Case
Database compromise leading to data theft, privilege escalation, and potential persistence mechanisms installed.
If Mitigated
Limited impact if proper network segmentation, least privilege access, and monitoring are in place.
🎯 Exploit Status
Requires authenticated database access but exploit details are relatively straightforward once understood.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: PostgreSQL 16.1, 15.5, 14.10, 13.13, 12.17
Vendor Advisory: https://www.postgresql.org/support/security/
Restart Required: Yes
Instructions:
1. Backup databases. 2. Stop PostgreSQL service. 3. Install patched version from official PostgreSQL repository. 4. Start PostgreSQL service. 5. Verify functionality.
🔧 Temporary Workarounds
Restrict Database User Privileges
allApply principle of least privilege to limit which users can modify arrays
REVOKE UPDATE, INSERT, DELETE ON ALL TABLES IN SCHEMA public FROM vulnerable_user;
REVOKE ALL ON DATABASE target_db FROM vulnerable_user;
🧯 If You Can't Patch
- Implement strict network access controls to limit PostgreSQL port access to only trusted sources.
- Deploy application-level monitoring for unusual array modification queries and privilege escalation attempts.
🔍 How to Verify
Check if Vulnerable:
Check PostgreSQL version: SELECT version(); If version is below 16.1, 15.5, 14.10, 13.13, or 12.17, system is vulnerable.Check Version:
SELECT version();Verify Fix Applied:
After patching, run SELECT version(); and confirm version is 16.1, 15.5, 14.10, 13.13, 12.17 or higher.📡 Detection & Monitoring
Log Indicators:
- Unusual array modification queries from authenticated users
- Multiple failed authentication attempts followed by successful login and array operations
- PostgreSQL error logs showing memory access violations
Network Indicators:
- Unusual database connections from unexpected sources
- High volume of array-related SQL queries
SIEM Query:
source="postgresql.log" AND ("array" OR "memory" OR "overflow") AND severity=ERROR🔗 References
- https://access.redhat.com/errata/RHSA-2023:7545
- https://access.redhat.com/errata/RHSA-2023:7579
- https://access.redhat.com/errata/RHSA-2023:7580
- https://access.redhat.com/errata/RHSA-2023:7581
- https://access.redhat.com/errata/RHSA-2023:7616
- https://access.redhat.com/errata/RHSA-2023:7656
- https://access.redhat.com/errata/RHSA-2023:7666
- https://access.redhat.com/errata/RHSA-2023:7667
- https://access.redhat.com/errata/RHSA-2023:7694
- https://access.redhat.com/errata/RHSA-2023:7695
- https://access.redhat.com/errata/RHSA-2023:7714
- https://access.redhat.com/errata/RHSA-2023:7770
- https://access.redhat.com/errata/RHSA-2023:7771
- https://access.redhat.com/errata/RHSA-2023:7772
- https://access.redhat.com/errata/RHSA-2023:7778
- https://access.redhat.com/errata/RHSA-2023:7783
- https://access.redhat.com/errata/RHSA-2023:7784
- https://access.redhat.com/errata/RHSA-2023:7785
- https://access.redhat.com/errata/RHSA-2023:7786
- https://access.redhat.com/errata/RHSA-2023:7788
- https://access.redhat.com/errata/RHSA-2023:7789
- https://access.redhat.com/errata/RHSA-2023:7790
- https://access.redhat.com/errata/RHSA-2023:7878
- https://access.redhat.com/errata/RHSA-2023:7883
- https://access.redhat.com/errata/RHSA-2023:7884
- https://access.redhat.com/errata/RHSA-2023:7885
- https://access.redhat.com/errata/RHSA-2024:0304
- https://access.redhat.com/errata/RHSA-2024:0332
- https://access.redhat.com/errata/RHSA-2024:0337
- https://access.redhat.com/security/cve/CVE-2023-5869
- https://bugzilla.redhat.com/show_bug.cgi?id=2247169
- https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
- https://www.postgresql.org/support/security/CVE-2023-5869/
- https://access.redhat.com/errata/RHSA-2023:7545
- https://access.redhat.com/errata/RHSA-2023:7579
- https://access.redhat.com/errata/RHSA-2023:7580
- https://access.redhat.com/errata/RHSA-2023:7581
- https://access.redhat.com/errata/RHSA-2023:7616
- https://access.redhat.com/errata/RHSA-2023:7656
- https://access.redhat.com/errata/RHSA-2023:7666
- https://access.redhat.com/errata/RHSA-2023:7667
- https://access.redhat.com/errata/RHSA-2023:7694
- https://access.redhat.com/errata/RHSA-2023:7695
- https://access.redhat.com/errata/RHSA-2023:7714
- https://access.redhat.com/errata/RHSA-2023:7770
- https://access.redhat.com/errata/RHSA-2023:7771
- https://access.redhat.com/errata/RHSA-2023:7772
- https://access.redhat.com/errata/RHSA-2023:7778
- https://access.redhat.com/errata/RHSA-2023:7783
- https://access.redhat.com/errata/RHSA-2023:7784
- https://access.redhat.com/errata/RHSA-2023:7785
- https://access.redhat.com/errata/RHSA-2023:7786
- https://access.redhat.com/errata/RHSA-2023:7788
- https://access.redhat.com/errata/RHSA-2023:7789
- https://access.redhat.com/errata/RHSA-2023:7790
- https://access.redhat.com/errata/RHSA-2023:7878
- https://access.redhat.com/errata/RHSA-2023:7883
- https://access.redhat.com/errata/RHSA-2023:7884
- https://access.redhat.com/errata/RHSA-2023:7885
- https://access.redhat.com/errata/RHSA-2024:0304
- https://access.redhat.com/errata/RHSA-2024:0332
- https://access.redhat.com/errata/RHSA-2024:0337
- https://access.redhat.com/security/cve/CVE-2023-5869
- https://bugzilla.redhat.com/show_bug.cgi?id=2247169
- https://lists.debian.org/debian-lts-announce/2023/11/msg00007.html
- https://security.netapp.com/advisory/ntap-20240119-0003/
- https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
- https://www.postgresql.org/support/security/CVE-2023-5869/
