A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. The issue is an integer overflow during array modification, which a remote user can trigger by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.
The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
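
The weakness class described above, as an added example that is not PostgreSQL source code: a size calculation for growing an array, first without overflow checks and then with them. The function names, parameters and sample values are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper: bytes needed once an array of old_n elements grows by
 * `extra` elements of elem_size bytes. No checks: the arithmetic wraps modulo
 * 2^32 (done in unsigned so the wraparound is well defined in this demo). */
uint32_t grow_bytes_unchecked(int32_t old_n, int32_t extra, int32_t elem_size)
{
    uint32_t n = (uint32_t)old_n + (uint32_t)extra;  /* may wrap */
    return n * (uint32_t)elem_size;                  /* may wrap again */
}

/* Same calculation, rejecting any input whose result would not fit.
 * Each guard is evaluated before the operation it protects. */
bool grow_bytes_checked(int32_t old_n, int32_t extra, int32_t elem_size,
                        size_t *out_bytes)
{
    if (old_n < 0 || extra < 0 || elem_size <= 0)
        return false;                       /* negative sizes are never valid */
    if (extra > INT32_MAX - old_n)
        return false;                       /* old_n + extra would overflow */
    int32_t n = old_n + extra;
    if (n > INT32_MAX / elem_size)
        return false;                       /* n * elem_size would overflow */
    *out_bytes = (size_t)n * (size_t)elem_size;
    return true;
}

int main(void)
{
    /* Constructed input: 2^30 existing elements, one more added, 4 bytes each.
     * The true size is 2^32 + 4 bytes; the unchecked result is smaller than
     * the original array, which is the broken assumption the text describes. */
    int32_t old_n = 1073741824, extra = 1, elem_size = 4;
    size_t bytes = 0;

    printf("unchecked: %u bytes\n",
           (unsigned)grow_bytes_unchecked(old_n, extra, elem_size));
    if (!grow_bytes_checked(old_n, extra, elem_size, &bytes))
        printf("checked:   rejected, size does not fit\n");

    if (grow_bytes_checked(10, 5, 8, &bytes))
        printf("checked:   %zu bytes for a normal request\n", bytes);
    return 0;
}
```

A buffer sized from the unchecked result is far smaller than the data later written to or read from it, which is how a wrapped size calculation turns into out-of-bounds memory access.
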
Name | Vendor | Start Version | End Version |
---|---|---|---|
Postgresql | Postgresql | 11.0 (including) | 11.22 (excluding) |
Postgresql | Postgresql | 12.0 (including) | 12.17 (excluding) |
Postgresql | Postgresql | 13.0 (including) | 13.13 (excluding) |
Postgresql | Postgresql | 14.0 (including) | 14.10 (excluding) |
Postgresql | Postgresql | 15.0 (including) | 15.5 (excluding) |
Postgresql | Postgresql | 16.0 (including) | 16.0 (including) |
Red Hat Advanced Cluster Security 4.2 | RedHat | advanced-cluster-security/rhacs-central-db-rhel8:4.2.4-6 | * |
Red Hat Advanced Cluster Security 4.2 | RedHat | advanced-cluster-security/rhacs-main-rhel8:4.2.4-6 | * |
Red Hat Advanced Cluster Security 4.2 | RedHat | advanced-cluster-security/rhacs-operator-bundle:4.2.4-7 | * |
Red Hat Advanced Cluster Security 4.2 | RedHat | advanced-cluster-security/rhacs-scanner-db-rhel8:4.2.4-6 | * |
Red Hat Advanced Cluster Security 4.2 | RedHat | advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.2.4-7 | * |
Red Hat Enterprise Linux 7 | RedHat | postgresql-0:9.2.24-9.el7_9 | * |
Red Hat Enterprise Linux 8 | RedHat | postgresql:13-8090020231114113712.a75119d5 | * |
Red Hat Enterprise Linux 8 | RedHat | postgresql:12-8090020231128173330.a75119d5 | * |
Red Hat Enterprise Linux 8 | RedHat | postgresql:10-8090020231201202407.a75119d5 | * |
Red Hat Enterprise Linux 8 | RedHat | postgresql:15-8090020231114113548.a75119d5 | * |
Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions | RedHat | postgresql:10-8010020231130170510.c27ad7f8 | * |
Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | postgresql:12-8020020231128165246.4cda2c84 | * |
Red Hat Enterprise Linux 8.2 Advanced Update Support | RedHat | postgresql:10-8020020231201202149.4cda2c84 | * |
Red Hat Enterprise Linux 8.2 Telecommunications Update Service | RedHat | postgresql:12-8020020231128165246.4cda2c84 | * |
Red Hat Enterprise Linux 8.2 Telecommunications Update Service | RedHat | postgresql:10-8020020231201202149.4cda2c84 | * |
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | RedHat | postgresql:12-8020020231128165246.4cda2c84 | * |
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions | RedHat | postgresql:10-8020020231201202149.4cda2c84 | * |
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | postgresql:12-8040020231127153301.522a0ee4 | * |
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | postgresql:13-8040020231127154806.522a0ee4 | * |
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support | RedHat | postgresql:10-8040020231127142440.522a0ee4 | * |
Red Hat Enterprise Linux 8.4 Telecommunications Update Service | RedHat | postgresql:12-8040020231127153301.522a0ee4 | * |
Red Hat Enterprise Linux 8.4 Telecommunications Update Service | RedHat | postgresql:13-8040020231127154806.522a0ee4 | * |
Red Hat Enterprise Linux 8.4 Telecommunications Update Service | RedHat | postgresql:10-8040020231127142440.522a0ee4 | * |
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | RedHat | postgresql:12-8040020231127153301.522a0ee4 | * |
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | RedHat | postgresql:13-8040020231127154806.522a0ee4 | * |
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions | RedHat | postgresql:10-8040020231127142440.522a0ee4 | * |
Red Hat Enterprise Linux 8.6 Extended Update Support | RedHat | postgresql:13-8060020231114115246.ad008a3a | * |
Red Hat Enterprise Linux 8.6 Extended Update Support | RedHat | postgresql:12-8060020231128165328.ad008a3a | * |
Red Hat Enterprise Linux 8.6 Extended Update Support | RedHat | postgresql:10-8060020231201202249.ad008a3a | * |
Red Hat Enterprise Linux 8.8 Extended Update Support | RedHat | postgresql:13-8080020231114105206.63b34585 | * |
Red Hat Enterprise Linux 8.8 Extended Update Support | RedHat | postgresql:12-8080020231128165335.63b34585 | * |
Red Hat Enterprise Linux 8.8 Extended Update Support | RedHat | postgresql:10-8080020231201202316.63b34585 | * |
Red Hat Enterprise Linux 8.8 Extended Update Support | RedHat | postgresql:15-8080020231113134015.63b34585 | * |
Red Hat Enterprise Linux 9 | RedHat | postgresql-0:13.13-1.el9_3 | * |
Red Hat Enterprise Linux 9 | RedHat | postgresql:15-9030020231120082734.rhel9 | * |
Red Hat Enterprise Linux 9.0 Extended Update Support | RedHat | postgresql-0:13.13-1.el9_0 | * |
Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | postgresql-0:13.13-1.el9_2 | * |
Red Hat Enterprise Linux 9.2 Extended Update Support | RedHat | postgresql:15-9020020231115020618.rhel9 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-postgresql12-postgresql-0:12.17-1.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-postgresql10-postgresql-0:10.23-2.el7 | * |
Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-postgresql13-postgresql-0:13.13-1.el7 | * |
RHACS-3.74-RHEL-8 | RedHat | advanced-cluster-security/rhacs-central-db-rhel8:3.74.8-9 | * |
RHACS-3.74-RHEL-8 | RedHat | advanced-cluster-security/rhacs-main-rhel8:3.74.8-9 | * |
RHACS-3.74-RHEL-8 | RedHat | advanced-cluster-security/rhacs-operator-bundle:3.74.8-7 | * |
RHACS-3.74-RHEL-8 | RedHat | advanced-cluster-security/rhacs-scanner-db-rhel8:3.74.8-9 | * |
RHACS-3.74-RHEL-8 | RedHat | advanced-cluster-security/rhacs-scanner-db-slim-rhel8:3.74.8-9 | * |
RHACS-4.1-RHEL-8 | RedHat | advanced-cluster-security/rhacs-central-db-rhel8:4.1.6-6 | * |
RHACS-4.1-RHEL-8 | RedHat | advanced-cluster-security/rhacs-main-rhel8:4.1.6-6 | * |
RHACS-4.1-RHEL-8 | RedHat | advanced-cluster-security/rhacs-operator-bundle:4.1.6-6 | * |
RHACS-4.1-RHEL-8 | RedHat | advanced-cluster-security/rhacs-scanner-db-rhel8:4.1.6-6 | * |
RHACS-4.1-RHEL-8 | RedHat | advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.1.6-6 | * |
Postgresql-10 | Ubuntu | bionic | * |
Postgresql-10 | Ubuntu | esm-infra/bionic | * |
Postgresql-12 | Ubuntu | focal | * |
Postgresql-12 | Ubuntu | trusty | * |
Postgresql-12 | Ubuntu | upstream | * |
Postgresql-14 | Ubuntu | jammy | * |
Postgresql-14 | Ubuntu | upstream | * |
Postgresql-15 | Ubuntu | lunar | * |
Postgresql-15 | Ubuntu | mantic | * |
Postgresql-15 | Ubuntu | upstream | * |
Postgresql-16 | Ubuntu | upstream | * |
Postgresql-9.1 | Ubuntu | trusty | * |
Postgresql-9.3 | Ubuntu | trusty | * |
Postgresql-9.3 | Ubuntu | trusty/esm | * |
Postgresql-9.5 | Ubuntu | esm-infra/xenial | * |
Postgresql-9.5 | Ubuntu | xenial | * |