CVE-2023-5870
Published: 2023-12-10
Severity: medium (CVSS 3.1 base score 4.4)
Vector: AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.
Affected
48 ranges (showing 25)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | postgresql-13 | < postgresql-13 13.13-0+deb11u1 (bullseye) | postgresql-13 13.13-0+deb11u1 (bullseye) |
| debian | postgresql-15 | < postgresql-13 13.13-0+deb11u1 (bullseye) | postgresql-13 13.13-0+deb11u1 (bullseye) |
| msrc | azl3_postgresql_16.7-1_on_azure_linux_3.0 | — | — |
| msrc | cbl2_postgresql_14.14-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| postgresql | postgresql | — | — |
| postgresql | postgresql | >= 11.0 < 11.22 | 11.22 |
| postgresql | postgresql | >= 12.0 < 12.17 | 12.17 |
| postgresql | postgresql | >= 13.0 < 13.13 | 13.13 |
| postgresql | postgresql | >= 14.0 < 14.10 | 14.10 |
| postgresql | postgresql | >= 15.0 < 15.5 | 15.5 |
| redhat | codeready_linux_builder_eus | — | — |
| redhat | codeready_linux_builder_eus_for_power_little_endian_eus | — | — |
| redhat | codeready_linux_builder_eus_for_power_little_endian_eus | — | — |
| redhat | codeready_linux_builder_for_arm64_eus | — | — |
| redhat | codeready_linux_builder_for_arm64_eus | — | — |
| redhat | codeready_linux_builder_for_arm64_eus | — | — |
| redhat | codeready_linux_builder_for_ibm_z_systems_eus | — | — |
| redhat | codeready_linux_builder_for_ibm_z_systems_eus | — | — |
| redhat | codeready_linux_builder_for_power_little_endian_eus | — | — |
| redhat | codeready_linux_builder_for_power_little_endian_eus | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux_eus | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 4.4 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H |
| osv | — | 8.8 | HIGH | — |