4.4

CVE-2023-5870

Postgresql: role pg_signal_backend can signal certain superuser processes.

A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PostgresqlPostgresql Version >= 11.0 < 11.22
PostgresqlPostgresql Version >= 12.0 < 12.17
PostgresqlPostgresql Version >= 13.0 < 13.13
PostgresqlPostgresql Version >= 14.0 < 14.10
PostgresqlPostgresql Version >= 15.0 < 15.5
PostgresqlPostgresql Version16.0
RedhatSoftware Collections Version1.0
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
RedhatEnterprise Linux Eus Version8.6
RedhatEnterprise Linux Eus Version8.8
RedhatEnterprise Linux Eus Version9.0
RedhatEnterprise Linux Eus Version9.2
RedhatEnterprise Linux For Arm 64 Version8.8_aarch64
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.56% 0.83
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.4 0.7 3.6
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
secalert@redhat.com 2.2 0.7 1.4
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

https://access.redhat.com/errata/RHSA-2023:7545
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7579
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7580
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7581
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7616
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7656
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7666
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7667
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7694
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7695
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7714
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7770
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7772
Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7784
https://access.redhat.com/errata/RHSA-2023:7785
https://access.redhat.com/errata/RHSA-2023:7883
https://access.redhat.com/errata/RHSA-2023:7884
https://access.redhat.com/errata/RHSA-2023:7885
https://access.redhat.com/errata/RHSA-2024:0304
https://access.redhat.com/errata/RHSA-2024:0332
https://access.redhat.com/errata/RHSA-2024:0337
https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
Release Notes
https://security.netapp.com/advisory/ntap-20240119-0003/
https://access.redhat.com/security/cve/CVE-2023-5870
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2247170
Issue Tracking
https://www.postgresql.org/support/security/CVE-2023-5870/
Vendor Advisory
https://lists.debian.org/debian-lts-announce/2023/11/msg00007.html