CVE-2023-5870

Name
CVE-2023-5870
Description
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.
NVD Severity
unknown
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
secalert@redhat.com https://access.redhat.com/errata/RHSA-2023:7545
secalert@redhat.com https://access.redhat.com/errata/RHSA-2023:7579
secalert@redhat.com https://access.redhat.com/errata/RHSA-2023:7580
secalert@redhat.com https://access.redhat.com/errata/RHSA-2023:7581
secalert@redhat.com https://access.redhat.com/errata/RHSA-2023:7616
secalert@redhat.com https://access.redhat.com/errata/RHSA-2023:7656
secalert@redhat.com https://access.redhat.com/errata/RHSA-2023:7666
secalert@redhat.com https://access.redhat.com/errata/RHSA-2023:7667
secalert@redhat.com https://access.redhat.com/errata/RHSA-2023:7694
secalert@redhat.com https://access.redhat.com/errata/RHSA-2023:7695
secalert@redhat.com https://access.redhat.com/security/cve/CVE-2023-5870
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=2247170
secalert@redhat.com https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
secalert@redhat.com https://www.postgresql.org/support/security/CVE-2023-5870/
secalert@redhat.com https://access.redhat.com/errata/RHSA-2023:7714
secalert@redhat.com https://access.redhat.com/errata/RHSA-2023:7770
secalert@redhat.com https://access.redhat.com/errata/RHSA-2023:7772
secalert@redhat.com https://access.redhat.com/errata/RHSA-2023:7784
secalert@redhat.com https://access.redhat.com/errata/RHSA-2023:7785
secalert@redhat.com https://access.redhat.com/errata/RHSA-2023:7883
secalert@redhat.com https://access.redhat.com/errata/RHSA-2023:7884
secalert@redhat.com https://access.redhat.com/errata/RHSA-2023:7885
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:0304
secalert@redhat.com https://security.netapp.com/advisory/ntap-20240119-0003/
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:0332
secalert@redhat.com https://access.redhat.com/errata/RHSA-2024:0337

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* postgresql >= 11.0 < 11.22
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* postgresql >= 12.0 < 12.17
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* postgresql >= 13.0 < 13.13
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* postgresql >= 14.0 < 14.10
cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:* postgresql >= 15.0 < 15.5
cpe:2.3:a:postgresql:postgresql:16.0:*:*:*:*:*:*:* postgresql == None == 16.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
postgresql12 3.18-community 12.17-r0 Jakub Jirutka <jakub@jirutka.cz> fixed
postgresql14 3.15-main 14.10-r0 Jakub Jirutka <jakub@jirutka.cz> fixed