CVE-2023-5870
Postgresql: role pg_signal_backend can signal certain superuser processes.
Severity Score
4.4
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.
Se encontró una falla en PostgreSQL que involucra la función pg_cancel_backend que señala a los trabajadores en segundo plano, incluido el iniciador de replicación lógica, los trabajadores de autovacuum y el iniciador de autovacuum. La explotación exitosa requiere una extensión no central con un trabajador en segundo plano menos resistente y afectaría únicamente a ese trabajador en segundo plano específico. Este problema puede permitir que un usuario remoto con privilegios elevados lance un ataque de denegación de servicio (DoS).
*Credits:
Upstream acknowledges Hemanth Sandrana and Mahendrakar Srinivasarao as the original reporters.
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-10-31 CVE Reserved
- 2023-11-14 CVE Published
- 2024-09-13 CVE Updated
- 2024-09-14 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (26)
| URL | Tag | Source |
|---|---|---|
| https://security.netapp.com/advisory/ntap-20240119-0003 |
|
|
| https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749 | Release Notes |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | >= 11.0 < 11.22 Search vendor "Postgresql" for product "Postgresql" and version " >= 11.0 < 11.22" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | >= 12.0 < 12.17 Search vendor "Postgresql" for product "Postgresql" and version " >= 12.0 < 12.17" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | >= 13.0 < 13.13 Search vendor "Postgresql" for product "Postgresql" and version " >= 13.0 < 13.13" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | >= 14.0 < 14.10 Search vendor "Postgresql" for product "Postgresql" and version " >= 14.0 < 14.10" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | >= 15.0 < 15.5 Search vendor "Postgresql" for product "Postgresql" and version " >= 15.0 < 15.5" | - |
Affected
| ||||||
| Postgresql Search vendor "Postgresql" | Postgresql Search vendor "Postgresql" for product "Postgresql" | 16.0 Search vendor "Postgresql" for product "Postgresql" and version "16.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Codeready Linux Builder Eus Search vendor "Redhat" for product "Codeready Linux Builder Eus" | 9.2 Search vendor "Redhat" for product "Codeready Linux Builder Eus" and version "9.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Codeready Linux Builder Eus For Power Little Endian Eus Search vendor "Redhat" for product "Codeready Linux Builder Eus For Power Little Endian Eus" | 9.0_ppc64le Search vendor "Redhat" for product "Codeready Linux Builder Eus For Power Little Endian Eus" and version "9.0_ppc64le" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Codeready Linux Builder Eus For Power Little Endian Eus Search vendor "Redhat" for product "Codeready Linux Builder Eus For Power Little Endian Eus" | 9.2_ppc64le Search vendor "Redhat" for product "Codeready Linux Builder Eus For Power Little Endian Eus" and version "9.2_ppc64le" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Codeready Linux Builder For Arm64 Eus Search vendor "Redhat" for product "Codeready Linux Builder For Arm64 Eus" | 8.6_aarch64 Search vendor "Redhat" for product "Codeready Linux Builder For Arm64 Eus" and version "8.6_aarch64" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Codeready Linux Builder For Arm64 Eus Search vendor "Redhat" for product "Codeready Linux Builder For Arm64 Eus" | 9.0_aarch64 Search vendor "Redhat" for product "Codeready Linux Builder For Arm64 Eus" and version "9.0_aarch64" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Codeready Linux Builder For Arm64 Eus Search vendor "Redhat" for product "Codeready Linux Builder For Arm64 Eus" | 9.2_aarch64 Search vendor "Redhat" for product "Codeready Linux Builder For Arm64 Eus" and version "9.2_aarch64" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Codeready Linux Builder For Ibm Z Systems Eus Search vendor "Redhat" for product "Codeready Linux Builder For Ibm Z Systems Eus" | 9.0_s390x Search vendor "Redhat" for product "Codeready Linux Builder For Ibm Z Systems Eus" and version "9.0_s390x" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Codeready Linux Builder For Ibm Z Systems Eus Search vendor "Redhat" for product "Codeready Linux Builder For Ibm Z Systems Eus" | 9.2_s390x Search vendor "Redhat" for product "Codeready Linux Builder For Ibm Z Systems Eus" and version "9.2_s390x" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Codeready Linux Builder For Power Little Endian Eus Search vendor "Redhat" for product "Codeready Linux Builder For Power Little Endian Eus" | 9.0_ppc64le Search vendor "Redhat" for product "Codeready Linux Builder For Power Little Endian Eus" and version "9.0_ppc64le" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Codeready Linux Builder For Power Little Endian Eus Search vendor "Redhat" for product "Codeready Linux Builder For Power Little Endian Eus" | 9.2_ppc64le Search vendor "Redhat" for product "Codeready Linux Builder For Power Little Endian Eus" and version "9.2_ppc64le" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Software Collections Search vendor "Redhat" for product "Software Collections" | 1.0 Search vendor "Redhat" for product "Software Collections" and version "1.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 8.0 Search vendor "Redhat" for product "Enterprise Linux" and version "8.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux" | 9.0 Search vendor "Redhat" for product "Enterprise Linux" and version "9.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 8.6 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "8.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 8.8 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "8.8" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 9.0 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "9.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 9.2 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "9.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux For Arm 64 Search vendor "Redhat" for product "Enterprise Linux For Arm 64" | 8.0 Search vendor "Redhat" for product "Enterprise Linux For Arm 64" and version "8.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux For Arm 64 Search vendor "Redhat" for product "Enterprise Linux For Arm 64" | 8.8_aarch64 Search vendor "Redhat" for product "Enterprise Linux For Arm 64" and version "8.8_aarch64" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux For Ibm Z Systems Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems" | 8.0_s390x Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems" and version "8.0_s390x" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux For Ibm Z Systems Eus Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus" | 8.6_s390x Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus" and version "8.6_s390x" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux For Ibm Z Systems Eus Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus" | 8.8_s390x Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus" and version "8.8_s390x" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux For Ibm Z Systems Eus Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus" | 9.0_s390x Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus" and version "9.0_s390x" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux For Ibm Z Systems Eus Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus" | 9.2_s390x Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems Eus" and version "9.2_s390x" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux For Power Little Endian Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian" | 8.0_ppc64le Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian" and version "8.0_ppc64le" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux For Power Little Endian Eus Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus" | 8.6_ppc64le Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus" and version "8.6_ppc64le" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux For Power Little Endian Eus Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus" | 8.8_ppc64le Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus" and version "8.8_ppc64le" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux For Power Little Endian Eus Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus" | 9.0_ppc64le Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus" and version "9.0_ppc64le" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux For Power Little Endian Eus Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus" | 9.2_ppc64le Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian Eus" and version "9.2_ppc64le" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 8.2 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "8.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 8.4 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "8.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 8.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "8.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 9.2 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "9.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 8.2 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "8.2" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 8.4 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "8.4" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Tus Search vendor "Redhat" for product "Enterprise Linux Server Tus" | 8.6 Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "8.6" | - |
Affected
| ||||||