4.4
CVE-2023-5870
- EPSS 0.65%
- Published 10.12.2023 18:15:07
- Last modified 21.11.2024 08:42:40
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.
Data is provided by the National Vulnerability Database (NVD)
Postgresql ≫ Postgresql Version >= 11.0 < 11.22
Postgresql ≫ Postgresql Version >= 12.0 < 12.17
Postgresql ≫ Postgresql Version >= 13.0 < 13.13
Postgresql ≫ Postgresql Version >= 14.0 < 14.10
Postgresql ≫ Postgresql Version >= 15.0 < 15.5
Postgresql ≫ Postgresql Version16.0
Redhat ≫ Codeready Linux Builder Eus Version9.2
Redhat ≫ Codeready Linux Builder Eus For Power Little Endian Eus Version9.0_ppc64le
Redhat ≫ Codeready Linux Builder Eus For Power Little Endian Eus Version9.2_ppc64le
Redhat ≫ Codeready Linux Builder For Arm64 Eus Version8.6_aarch64
Redhat ≫ Codeready Linux Builder For Arm64 Eus Version9.0_aarch64
Redhat ≫ Codeready Linux Builder For Arm64 Eus Version9.2_aarch64
Redhat ≫ Codeready Linux Builder For Ibm Z Systems Eus Version9.0_s390x
Redhat ≫ Codeready Linux Builder For Ibm Z Systems Eus Version9.2_s390x
Redhat ≫ Codeready Linux Builder For Power Little Endian Eus Version9.0_ppc64le
Redhat ≫ Codeready Linux Builder For Power Little Endian Eus Version9.2_ppc64le
Redhat ≫ Software Collections Version1.0
Redhat ≫ Enterprise Linux Version8.0
Redhat ≫ Enterprise Linux Version9.0
Redhat ≫ Enterprise Linux Eus Version8.6
Redhat ≫ Enterprise Linux Eus Version8.8
Redhat ≫ Enterprise Linux Eus Version9.0
Redhat ≫ Enterprise Linux Eus Version9.2
Redhat ≫ Enterprise Linux For Arm 64 Version8.0
Redhat ≫ Enterprise Linux For Arm 64 Version8.8_aarch64
Redhat ≫ Enterprise Linux For Ibm Z Systems Version8.0_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.6_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version8.8_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version9.0_s390x
Redhat ≫ Enterprise Linux For Ibm Z Systems Eus Version9.2_s390x
Redhat ≫ Enterprise Linux For Power Little Endian Version8.0_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.6_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version8.8_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version9.0_ppc64le
Redhat ≫ Enterprise Linux For Power Little Endian Eus Version9.2_ppc64le
Redhat ≫ Enterprise Linux Server Aus Version8.2
Redhat ≫ Enterprise Linux Server Aus Version8.4
Redhat ≫ Enterprise Linux Server Aus Version8.6
Redhat ≫ Enterprise Linux Server Aus Version9.2
Redhat ≫ Enterprise Linux Server Tus Version8.2
Redhat ≫ Enterprise Linux Server Tus Version8.4
Redhat ≫ Enterprise Linux Server Tus Version8.6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.65% | 0.698 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.4 | 0.7 | 3.6 |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
|
| secalert@redhat.com | 2.2 | 0.7 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
|
CWE-400 Uncontrolled Resource Consumption
The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.