CVE-2023-5870
Postgresql: role pg_signal_backend can signal certain superuser processes.
Descriptions
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.
This update for postgresql, postgresql15, postgresql16 fixes the following issues. This update ships postgresql 16.

- Fixed handling of unknown-type arguments in DISTINCT "any" aggregate functions. This error led to a text-type value being interpreted as an unknown-type value at runtime. This could result in disclosure of server memory following the text value.
- Detect integer overflow while computing new array dimensions. When assigning new elements to array subscripts that are outside the current array bounds, an undetected integer overflow could occur in edge cases. Memory stomps that are potentially exploitable for arbitrary code execution are possible, and so is disclosure of server memory.
- Prevent the pg_signal_backend role from signalling background workers and autovacuum processes. The documentation says that pg_signal_backend cannot issue signals to superuser-owned processes. It was able to signal these background processes, though, because they advertise a role OID of zero. Treat that as indicating superuser ownership. The security implications of cancelling one of these process types are fairly small so far as the core code goes, but extensions might add background workers that are more vulnerable. Also ensure that the is_superuser parameter is set correctly in such processes. No specific security consequences are known for that oversight, but it might be significant for some extensions.
- Changes in postgresql16: upgrade to 16.1.
SSVC
- Decision:Track
Timeline
- 2023-10-31 CVE Reserved
- 2023-11-14 CVE Published
- 2024-12-02 CVE Updated
- 2025-06-05 EPSS Updated
- Exploited in Wild: no date recorded
- KEV Due Date: no date recorded
- First Exploit: no date recorded
CWE
- CWE-400: Uncontrolled Resource Consumption
References (26)
- https://security.netapp.com/advisory/ntap-20240119-0003
- https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749 (Release Notes)
Affected Vendors, Products, and Versions

Vendor | Product | Version | Status |
---|---|---|---|
Postgresql | Postgresql | >= 11.0 < 11.22 | Affected |
Postgresql | Postgresql | >= 12.0 < 12.17 | Affected |
Postgresql | Postgresql | >= 13.0 < 13.13 | Affected |
Postgresql | Postgresql | >= 14.0 < 14.10 | Affected |
Postgresql | Postgresql | >= 15.0 < 15.5 | Affected |
Postgresql | Postgresql | 16.0 | Affected |
Redhat | Codeready Linux Builder Eus | 9.2 | Affected |
Redhat | Codeready Linux Builder Eus For Power Little Endian Eus | 9.0_ppc64le | Affected |
Redhat | Codeready Linux Builder Eus For Power Little Endian Eus | 9.2_ppc64le | Affected |
Redhat | Codeready Linux Builder For Arm64 Eus | 8.6_aarch64 | Affected |
Redhat | Codeready Linux Builder For Arm64 Eus | 9.0_aarch64 | Affected |
Redhat | Codeready Linux Builder For Arm64 Eus | 9.2_aarch64 | Affected |
Redhat | Codeready Linux Builder For Ibm Z Systems Eus | 9.0_s390x | Affected |
Redhat | Codeready Linux Builder For Ibm Z Systems Eus | 9.2_s390x | Affected |
Redhat | Codeready Linux Builder For Power Little Endian Eus | 9.0_ppc64le | Affected |
Redhat | Codeready Linux Builder For Power Little Endian Eus | 9.2_ppc64le | Affected |
Redhat | Software Collections | 1.0 | Affected |
Redhat | Enterprise Linux | 8.0 | Affected |
Redhat | Enterprise Linux | 9.0 | Affected |
Redhat | Enterprise Linux Eus | 8.6 | Affected |
Redhat | Enterprise Linux Eus | 8.8 | Affected |
Redhat | Enterprise Linux Eus | 9.0 | Affected |
Redhat | Enterprise Linux Eus | 9.2 | Affected |
Redhat | Enterprise Linux For Arm 64 | 8.0 | Affected |
Redhat | Enterprise Linux For Arm 64 | 8.8_aarch64 | Affected |
Redhat | Enterprise Linux For Ibm Z Systems | 8.0_s390x | Affected |
Redhat | Enterprise Linux For Ibm Z Systems Eus | 8.6_s390x | Affected |
Redhat | Enterprise Linux For Ibm Z Systems Eus | 8.8_s390x | Affected |
Redhat | Enterprise Linux For Ibm Z Systems Eus | 9.0_s390x | Affected |
Redhat | Enterprise Linux For Ibm Z Systems Eus | 9.2_s390x | Affected |
Redhat | Enterprise Linux For Power Little Endian | 8.0_ppc64le | Affected |
Redhat | Enterprise Linux For Power Little Endian Eus | 8.6_ppc64le | Affected |
Redhat | Enterprise Linux For Power Little Endian Eus | 8.8_ppc64le | Affected |
Redhat | Enterprise Linux For Power Little Endian Eus | 9.0_ppc64le | Affected |
Redhat | Enterprise Linux For Power Little Endian Eus | 9.2_ppc64le | Affected |
Redhat | Enterprise Linux Server Aus | 8.2 | Affected |
Redhat | Enterprise Linux Server Aus | 8.4 | Affected |
Redhat | Enterprise Linux Server Aus | 8.6 | Affected |
Redhat | Enterprise Linux Server Aus | 9.2 | Affected |
Redhat | Enterprise Linux Server Tus | 8.2 | Affected |
Redhat | Enterprise Linux Server Tus | 8.4 | Affected |
Redhat | Enterprise Linux Server Tus | 8.6 | Affected |