Certain aggregate function calls receiving "unknown"-type arguments could disclose bytes of server memory from the end of the "unknown"-type value to the next zero byte. One typically gets an "unknown"-type value via a string literal having no type designation. We have not confirmed or ruled out viability of attacks that arrange for presence of notable, confidential information in disclosed bytes.
The PostgreSQL project thanks Jingzhou Fu for reporting this problem.
| Affected Version | Fixed In | Fix Published |
|---|---|---|
| 16 | 16.1 | Nov. 9, 2023 |
| 15 | 15.5 | Nov. 9, 2023 |
| 14 | 14.10 | Nov. 9, 2023 |
| 13 | 13.13 | Nov. 9, 2023 |
| 12 | 12.17 | Nov. 9, 2023 |
| 11 | 11.22 | Nov. 9, 2023 |
For more information about PostgreSQL versioning, please visit the versioning page.
| Overall Score | 4.3 |
|---|---|
| Component | core server |
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
If you wish to report a new security vulnerability in PostgreSQL, please send an email to security@postgresql.org.
For reporting non-security bugs, please see the Report a Bug page.