CVE-2023-5869: Unpatched PostgreSQL Servers at Risk of Arbitrary Code Execution Attacks
The PostgreSQL Global Development Group has released PostgreSQL 16.1, 15.5, 14.10, 13.13, 12.17, and 11.22, which include fixes for three security vulnerabilities. These vulnerabilities could have allowed attackers to take control of affected systems or steal sensitive data.
CVE-2023-5868: Memory Disclosure in Aggregate Function Calls
The first vulnerability, CVE-2023-5868, is a memory disclosure vulnerability that could allow attackers to read sensitive data from the PostgreSQL server. This vulnerability is rated as critical by the Common Vulnerability Scoring System (CVSS) with a score of 4.3.
The vulnerability is caused by a flaw in the way that PostgreSQL handles certain aggregate functions. When an aggregate function is called with an argument of type “unknown,” PostgreSQL will store the argument in memory. If the argument is longer than the allocated buffer, PostgreSQL will overwrite memory that is adjacent to the buffer. This could allow an attacker to read sensitive data from the PostgreSQL server.
CVE-2023-5869: Buffer Overrun from Integer Overflow in Array Modification
The second vulnerability, CVE-2023-5869, is a buffer overrun vulnerability that could allow attackers to execute arbitrary code on the PostgreSQL server. This vulnerability is rated as critical by the CVSS with a score of 8.8.
The vulnerability is caused by a flaw in the way that PostgreSQL handles array modifications. If an attacker can provide a specially crafted array modification query, they can cause PostgreSQL to overwrite memory that is adjacent to the array. This could allow the attacker to execute arbitrary code on the PostgreSQL server.
CVE-2023-5870: Role pg_signal_backend Can Signal Certain Superuser Processes
The third vulnerability, CVE-2023-5870, is a role bypass vulnerability that could allow attackers to signal certain superuser processes. This vulnerability is rated as moderate by the CVSS with a score of 2.2.
The vulnerability is caused by a flaw in the way that PostgreSQL handles the pg_signal_backend role. The pg_signal_backend role is supposed to be restricted to signaling background workers. However, the vulnerability allows the pg_signal_backend role to signal certain superuser processes. This could allow an attacker to disrupt the operation of the PostgreSQL server.
What Can I Do to Protect Myself?
The best way to protect yourself from these vulnerabilities is to update to PostgreSQL 16.1 or later. You can download the latest version of PostgreSQL from the PostgreSQL website.
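As a practical companion to that advice, here is an added example (not code from the article or from the PostgreSQL project) that turns the fixed release list above into an inventory check: it parses the output of `SELECT version();` (or the integer from `SHOW server_version_num;`) and reports whether each server is at or above the first minor release that carries the fixes on its major branch. The host names and version strings in `SAMPLE_INVENTORY` are constructed for the example; the rule that any major branch newer than 16 already includes the fixes is an assumption noted in the code.

```python
import re

# First minor release on each supported major branch that carries the fixes
# for CVE-2023-5868, CVE-2023-5869 and CVE-2023-5870, per the advisory above.
FIXED_MINOR = {16: 1, 15: 5, 14: 10, 13: 13, 12: 17, 11: 22}

# `SHOW server_version_num;` reports major*10000 + minor on PostgreSQL 10+.
def split_version_num(version_num: int) -> tuple[int, int]:
    return divmod(version_num, 10000)

_VERSION_RE = re.compile(r"PostgreSQL (\d+)\.(\d+)")

def parse_version_string(version_text: str) -> tuple[int, int]:
    """Extract (major, minor) from `SELECT version();` output, e.g.
    'PostgreSQL 15.4 (Debian 15.4-1.pgdg120+1) on x86_64-pc-linux-gnu, ...'.
    Pre-release strings such as 'PostgreSQL 16beta1' carry no minor number
    and are rejected rather than guessed at."""
    m = _VERSION_RE.search(version_text)
    if not m:
        raise ValueError(f"unrecognised version string: {version_text!r}")
    return int(m.group(1)), int(m.group(2))

def is_patched(major: int, minor: int) -> tuple[bool, str]:
    """Return (patched, reason) for one server's (major, minor)."""
    if major > max(FIXED_MINOR):
        # Assumption: every major branch newer than 16 was released after the
        # November 2023 fixes and therefore includes them.
        return True, f"PostgreSQL {major}.{minor} post-dates the fixes"
    if major not in FIXED_MINOR:
        # Branches older than 11 were already end-of-life and received no fix.
        return False, (f"PostgreSQL {major}.{minor} is an unsupported branch "
                       "with no fix available; upgrade to a supported major")
    needed = FIXED_MINOR[major]
    if minor >= needed:
        return True, f"PostgreSQL {major}.{minor} is at or above {major}.{needed}"
    return False, (f"PostgreSQL {major}.{minor} is below fixed release "
                   f"{major}.{needed}")

def audit(inventory: dict[str, str]) -> dict[str, tuple[bool, str]]:
    """Evaluate a {host: version()-output} inventory; unparseable entries are
    reported as unpatched so they are not silently skipped."""
    results = {}
    for host, text in inventory.items():
        try:
            major, minor = parse_version_string(text)
        except ValueError as exc:
            results[host] = (False, str(exc))
            continue
        results[host] = is_patched(major, minor)
    return results

# Constructed sample inventory (hypothetical hosts), in the form psql prints
# for `SELECT version();` on each server.
SAMPLE_INVENTORY = {
    "db-prod-1": "PostgreSQL 15.4 (Debian 15.4-1.pgdg120+1) on x86_64-pc-linux-gnu, "
                 "compiled by gcc (Debian 12.2.0-14) 12.2.0, 64-bit",
    "db-prod-2": "PostgreSQL 16.1 on x86_64-pc-linux-gnu, "
                 "compiled by gcc (GCC) 13.2.1 20230801, 64-bit",
    "db-legacy": "PostgreSQL 10.23 on x86_64-pc-linux-gnu, "
                 "compiled by gcc (GCC) 8.5.0 20210514, 64-bit",
    "db-analytics": "PostgreSQL 14.10 (Ubuntu 14.10-1.pgdg22.04+1) on x86_64-pc-linux-gnu, "
                    "compiled by gcc (Ubuntu 11.4.0-1ubuntu1~22.04) 11.4.0, 64-bit",
}

if __name__ == "__main__":
    for host, (ok, why) in audit(SAMPLE_INVENTORY).items():
        print(f"{'OK ' if ok else 'FIX'} {host}: {why}")
```

Comparing against the per-branch fixed minor rather than against "16.1" matters in practice: a 14.10 server is fully patched for these three CVEs, while a 16.0 server is not, even though 16.0 is the newer major.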