CVE-2023-5870

Updated: 2024-11-23 02:28:11.962718

Description:

A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

CVSS version       Severity  Score
CVSS Version 2.x   -         0
CVSS Version 3.x   MEDIUM    4.4

Status

OS name           Project name    Version   Score  Severity  Status          Errata                Last updated
Ubuntu 16.04 ELS  postgresql-9.5  9.5.25-0  4.4    MEDIUM    Not Vulnerable  -                     2024-01-22 08:40:50
Ubuntu 18.04 ELS  postgresql-10   10.23-0   4.4    MEDIUM    Released        CLSA-2024:1707822783  2024-02-13 08:28:20