CVE-2023-5870

Name
CVE-2023-5870
Description
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.
NVD Severity
unknown

References

Type URI
vendor-advisory https://access.redhat.com/errata/RHSA-2023:7545
vendor-advisory https://access.redhat.com/errata/RHSA-2023:7579
vendor-advisory https://access.redhat.com/errata/RHSA-2023:7580
vendor-advisory https://access.redhat.com/errata/RHSA-2023:7581
vendor-advisory https://access.redhat.com/errata/RHSA-2023:7616
vendor-advisory https://access.redhat.com/errata/RHSA-2023:7656
vendor-advisory https://access.redhat.com/errata/RHSA-2023:7666
vendor-advisory https://access.redhat.com/errata/RHSA-2023:7667
vendor-advisory https://access.redhat.com/errata/RHSA-2023:7694
vendor-advisory https://access.redhat.com/errata/RHSA-2023:7695
vdb-entry https://access.redhat.com/security/cve/CVE-2023-5870
issue-tracking https://bugzilla.redhat.com/show_bug.cgi?id=2247170
secalert@redhat.com https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
secalert@redhat.com https://www.postgresql.org/support/security/CVE-2023-5870/
vendor-advisory https://access.redhat.com/errata/RHSA-2023:7714
vendor-advisory https://access.redhat.com/errata/RHSA-2023:7770
vendor-advisory https://access.redhat.com/errata/RHSA-2023:7772
vendor-advisory https://access.redhat.com/errata/RHSA-2023:7784
vendor-advisory https://access.redhat.com/errata/RHSA-2023:7785
vendor-advisory https://access.redhat.com/errata/RHSA-2023:7883
vendor-advisory https://access.redhat.com/errata/RHSA-2023:7884
vendor-advisory https://access.redhat.com/errata/RHSA-2023:7885
vendor-advisory https://access.redhat.com/errata/RHSA-2024:0304
secalert@redhat.com https://security.netapp.com/advisory/ntap-20240119-0003/
vendor-advisory https://access.redhat.com/errata/RHSA-2024:0332
vendor-advisory https://access.redhat.com/errata/RHSA-2024:0337
af854a3a-2127-422b-91ae-364da2661108 https://lists.debian.org/debian-lts-announce/2023/11/msg00007.html

Match rules

CPE URI Source package Min version Max version
cpe:/a:redhat:advanced_cluster_security:4.2::el8 shopxo >= 4.2.4-6 < *
cpe:/a:redhat:advanced_cluster_security:4.2::el8 shopxo >= 4.2.4-7 < *
cpe:/a:redhat:enterprise_linux:8::appstream shopxo >= 8090020231114113712.a75119d5 < *
cpe:/a:redhat:enterprise_linux:8::appstream shopxo >= 8090020231128173330.a75119d5 < *
cpe:/a:redhat:enterprise_linux:8::appstream shopxo >= 8090020231114113548.a75119d5 < *
cpe:/a:redhat:rhel_eus:8.6::appstream shopxo >= 8060020231114115246.ad008a3a < *
cpe:/a:redhat:rhel_eus:8.6::appstream shopxo >= 8060020231128165328.ad008a3a < *
cpe:/a:redhat:rhel_eus:8.8::appstream shopxo >= 8080020231114105206.63b34585 < *
cpe:/a:redhat:rhel_eus:8.8::appstream shopxo >= 8080020231128165335.63b34585 < *
cpe:/a:redhat:rhel_eus:8.8::appstream shopxo >= 8080020231113134015.63b34585 < *
cpe:/a:redhat:enterprise_linux:9::appstream shopxo >= 9030020231120082734.rhel9 < *
cpe:/a:redhat:rhel_eus:9.0::crb shopxo >= 0:13.13-1.el9_0 < *
cpe:/a:redhat:rhel_eus:9.2::appstream shopxo >= 0:13.13-1.el9_2 < *
cpe:/a:redhat:rhel_eus:9.2::appstream shopxo >= 9020020231115020618.rhel9 < *
cpe:/a:redhat:rhel_software_collections:3::el7 shopxo >= 0:12.17-1.el7 < *
cpe:/a:redhat:rhel_software_collections:3::el7 shopxo >= 0:13.13-1.el7 < *
cpe:/a:redhat:advanced_cluster_security:3.74::el8 shopxo >= 3.74.8-9 < *
cpe:/a:redhat:advanced_cluster_security:3.74::el8 shopxo >= 3.74.8-7 < *
cpe:/a:redhat:advanced_cluster_security:4.1::el8 shopxo >= 4.1.6-6 < *
cpe:/a:redhat:rhel_aus:8.2::appstream shopxo >= 8020020231128165246.4cda2c84 < *
cpe:/a:redhat:rhel_e4s:8.4::appstream shopxo >= 8040020231127153301.522a0ee4 < *
cpe:/a:redhat:rhel_e4s:8.4::appstream shopxo >= 8040020231127154806.522a0ee4 < *
cpe:/a:redhat:enterprise_linux:9::crb shopxo >= 0:13.13-1.el9_3 < *

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
postgresql17 edge-main 16.1-r0 None fixed
postgresql16 edge-main 16.1-r0 Jakub Jirutka <jakub@jirutka.cz> fixed
postgresql16 edge-community 16.1-r0 None fixed
postgresql16 3.22-main 16.1-r0 None fixed
postgresql16 3.21-main 16.1-r0 None fixed
postgresql16 3.20-main 16.1-r0 None fixed
postgresql16 3.19-main 16.1-r0 Jakub Jirutka <jakub@jirutka.cz> fixed
postgresql15 edge-main 15.5-r0 Jakub Jirutka <jakub@jirutka.cz> fixed
postgresql15 edge-community 15.5-r0 None fixed
postgresql15 3.22-community 15.5-r0 None fixed
postgresql15 3.21-community 15.5-r0 None fixed
postgresql15 3.20-main 15.5-r0 None fixed
postgresql15 3.19-main 15.5-r0 Jakub Jirutka <jakub@jirutka.cz> fixed
postgresql15 3.18-main 15.5-r0 Jakub Jirutka <jakub@jirutka.cz> fixed
postgresql15 3.17-main 15.5-r0 Jakub Jirutka <jakub@jirutka.cz> fixed
postgresql14 edge-community 14.10-r0 Jakub Jirutka <jakub@jirutka.cz> fixed
postgresql14 3.20-community 14.10-r0 None fixed
postgresql14 3.19-community 14.10-r0 Jakub Jirutka <jakub@jirutka.cz> fixed
postgresql14 3.18-main 14.10-r0 Jakub Jirutka <jakub@jirutka.cz> fixed
postgresql14 3.17-main 14.10-r0 Jakub Jirutka <jakub@jirutka.cz> fixed
postgresql12 3.18-community 12.17-r0 Jakub Jirutka <jakub@jirutka.cz> fixed