Updated: 2024-11-23 02:28:11.962718
Description:
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high-privileged user to launch a denial of service (DoS) attack.
Links | NIST | CIRCL | RHEL | Ubuntu |
CVSS version | Severity | Score |
---|---|---|
CVSS Version 2.x | 0 | |
CVSS Version 3.x | MEDIUM | 4.4 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
Ubuntu 16.04 ELS | postgresql-9.5 | 9.5.25-0 | 4.4 | MEDIUM | Not Vulnerable | | 2024-01-22 08:40:50 | |
Ubuntu 18.04 ELS | postgresql-10 | 10.23-0 | 4.4 | MEDIUM | Released | CLSA-2024:1707822783 | 2024-02-13 08:28:20 | |