Buffer overrun from integer overflow in array modification (CVE-2023-5869)
25092
01 November 2024
01 November 2024
OPEN
MEDIUM
8.8 - Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2023-5869
Brocade Security Advisory ID | BSA-2024-2478
Component | PostgreSQL
Summary
A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code because overflow checks are missing during SQL array value modification. The underlying issue is an integer overflow during array modification, which a remote user can trigger by providing specially crafted data. The overflow lets the user write arbitrary bytes to memory and extensively read the server's memory, which enables the execution of arbitrary code on the target system.
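The bug class named in the summary, as an added illustration that is not PostgreSQL or Brocade code: a buffer size computed in 32-bit arithmetic wraps to a small value, while the checked variant rejects the request. The toy array layout, `HDR_BYTES`, and both function names are assumptions made for this example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_BYTES 16 /* constructed header size for this toy array layout */

/* Bytes needed to hold elements lower..index, computed without checks.
 * Unsigned 32-bit math is used so the wraparound is well defined here. */
static uint32_t size_unchecked(int32_t lower, int32_t index, int32_t elem_size)
{
    uint32_t nitems = (uint32_t)index - (uint32_t)lower + 1u;
    return (uint32_t)HDR_BYTES + nitems * (uint32_t)elem_size;
}

/* Same computation with every step checked (GCC/Clang builtins).
 * Returns false when the request must be rejected. */
static bool size_checked(int32_t lower, int32_t index, int32_t elem_size,
                         int32_t *out)
{
    int32_t span, nitems, bytes;

    if (elem_size <= 0 || index < lower)
        return false;
    if (__builtin_sub_overflow(index, lower, &span) ||
        __builtin_add_overflow(span, 1, &nitems) ||
        __builtin_mul_overflow(nitems, elem_size, &bytes) ||
        __builtin_add_overflow(bytes, HDR_BYTES, out))
        return false;
    return true;
}

int main(void)
{
    int32_t out = 0;
    int32_t big = 0x20000000; /* constructed index: 2^29 */

    /* 2^29 elements * 8 bytes = 2^32, which wraps to 0 in 32 bits. */
    printf("unchecked size: %u bytes\n", (unsigned)size_unchecked(1, big, 8));
    printf("checked accepts big index: %d\n", size_checked(1, big, 8, &out));
    if (size_checked(1, 10, 8, &out))
        printf("checked size for index 10: %d bytes\n", (int)out);
    return 0;
}
```

A buffer allocated with the wrapped size holds only the header, so any later element store lands outside it; the checked path fails the request before allocation.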
Products Affected
- Brocade SANnav versions before 2.3.0a and Brocade SANnav 2.3.1
Products Confirmed Not Affected
- Brocade Fabric OS is Not Affected - [Component_not_present]
- Brocade ASCG is Not Affected - [Component_not_present]
Solution
A security update is provided in Brocade SANnav 2.3.1a and Brocade SANnav 2.3.0a.
Revision History
Version | Change | Date
1.0 | Initial Publication | October 17, 2024
Disclaimer
THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.