Buffer overrun from integer overflow in array modification (CVE-2023-5869)

Brocade SANnav

25092

01 November 2024

01 November 2024

OPEN

MEDIUM

8.8 - Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2023-5869

Brocade Security Advisory ID

BSA-2024-2478

Component

PostgreSQL

Summary

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code because overflow checks are missing during SQL array value modification. A remote user can trigger the resulting integer overflow by providing specially crafted data. The overflow lets the user write arbitrary bytes to memory and extensively read the server's memory, which enables the execution of arbitrary code on the target system.
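
An added illustration of this bug class (not PostgreSQL or Brocade code): the byte-size calculation for growing an array, first with wrapping 32-bit arithmetic and then with the kind of overflow checks the summary describes as missing. The function names, the toy array model and the `MAX_ALLOC` cap are assumptions made for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed allocation cap for this example (assumption, not a PostgreSQL value). */
#define MAX_ALLOC ((size_t)0x3fffffff)

/* Hypothetical toy model: writing element `idx` into an array whose first
 * index is `lower` grows it to (idx - lower + 1) elements.
 * Unchecked form: 32-bit arithmetic wraps silently, so the result can be far
 * smaller than the storage the later element writes assume. */
static uint32_t grow_bytes_unchecked(int32_t lower, int32_t idx, uint32_t elem_size)
{
    uint32_t count = (uint32_t)idx - (uint32_t)lower + 1u;
    return count * elem_size;
}

/* Checked form: every step is tested for overflow and the total is capped.
 * Returns false (and leaves *out untouched) instead of a wrapped size. */
static bool grow_bytes_checked(int32_t lower, int32_t idx, uint32_t elem_size, size_t *out)
{
    int32_t span, count;
    size_t bytes;

    if (idx < lower)
        return false;
    if (__builtin_sub_overflow(idx, lower, &span) ||      /* GCC/Clang builtins */
        __builtin_add_overflow(span, 1, &count))
        return false;
    if (__builtin_mul_overflow((size_t)count, (size_t)elem_size, &bytes) ||
        bytes > MAX_ALLOC)
        return false;
    *out = bytes;
    return true;
}

int main(void)
{
    size_t n = 0;
    /* Constructed inputs: 0x40000000 four-byte elements need 2^32 bytes. */
    printf("unchecked: %u bytes\n", (unsigned)grow_bytes_unchecked(1, 0x40000000, 4));
    printf("checked:   %s\n", grow_bytes_checked(1, 0x40000000, 4, &n) ? "accepted" : "rejected");
    return 0;
}
```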

Products Affected

  • Brocade SANnav versions before 2.3.0a and Brocade SANnav 2.3.1

Products Confirmed Not Affected

  • Brocade Fabric OS is Not Affected - [Component_not_present]
  • Brocade ASCG is Not Affected - [Component_not_present]

Solution

A security update is provided in Brocade SANnav 2.3.1a and Brocade SANnav 2.3.0a.

Revision History

Version | Change | Date
1.0 | Initial Publication | October 17, 2024

Disclaimer

THIS DOCUMENT IS PROVIDED ON AN AS-IS BASIS SOLELY FOR INFORMATIONAL PURPOSES AND DOES NOT IMPLY ANY KIND OF GUARANTY OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. YOUR USE OF THE INFORMATION CONTAINED HEREIN IS AT YOUR OWN RISK. ALL INFORMATION PROVIDED HEREIN IS BASED ON BROCADE'S CURRENT KNOWLEDGE AND UNDERSTANDING OF THE VULNERABILITY AND IMPACT TO BROCADE HARDWARE AND SOFTWARE PRODUCTS. BROCADE RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.