ALPINE-CVE-2023-5869 — Vulnetix

Try Vulnetix Request Demo

ALPINE-CVE-2023-5869 PUBLISHED CVSS 8.800000190734863 HIGH

A flaw was found in PostgreSQL that allows authenticated database users to execute arbitrary code through missing overflow checks during SQL array value modification. This issue exists due to an integer overflow during array modification where a remote user can trigger the overflow by providing specially crafted data. This enables the execution of arbitrary code on the target system, allowing users to write arbitrary bytes to memory and extensively read the server's memory.

Risk Scores

CVSS v3.1

8.800000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Alpine:v3.18	postgresql15	15.3-r0, 15.1-r1, 15.4-r0
Alpine:v3.20	postgresql15	15.2-r0, 15.2-r2, 15.2-r3
Alpine:v3.22	postgresql16	0, 0, 16.0-r1
Alpine:v3.18	postgresql14	14.1-r4, 12.2-r2, 14.1-r7
Alpine:v3.21	postgresql16	16.0-r1, 16.0-r0, 0
Alpine:v3.19	postgresql15	15.4-r1, 15.4-r2, 15.4-r0
Alpine:v3.17	postgresql14	9.6.1-r1, 11.0-r1, 9.5.3-r1
Alpine:v3.20	postgresql16	16.0-r2, 0, 16.0-r2
Alpine:v3.17	postgresql15	15.4-r0, 0, 15.2-r0
Alpine:v3.15	postgresql14	10.4-r0, 14.0-r0, 14.0-r2
Alpine:v3.16	postgresql14	14.0-r2, 9.4.3-r0, 9.4.2-r0
Alpine:v3.19	postgresql16	0, 16.0-r1, 16.0-r2

Timeline

Dec 10, 2023 CVE Published
Nov 19, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2023-5869 advisory

Open in Interactive Console →