CVE-2023-5870
- Source
- https://cve.org/CVERecord?id=CVE-2023-5870
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5870.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-5870
- Aliases
- Downstream
- Related
- Published
- 2023-12-10T18:15:07.643Z
- Modified
- 2026-03-23T05:05:56.166601510Z
- Severity
-
- 4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A flaw was found in PostgreSQL involving the pgcancelbackend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.
- References
-
- https://lists.debian.org/debian-lts-announce/2023/11/msg00007.html
- https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
- https://access.redhat.com/errata/RHSA-2023:7656
- https://access.redhat.com/errata/RHSA-2023:7714
- https://access.redhat.com/errata/RHSA-2023:7770
- https://access.redhat.com/errata/RHSA-2023:7883
- https://access.redhat.com/errata/RHSA-2023:7885
- https://access.redhat.com/errata/RHSA-2024:0337
- https://access.redhat.com/errata/RHSA-2023:7580
- https://access.redhat.com/errata/RHSA-2023:7581
- https://access.redhat.com/errata/RHSA-2023:7616
- https://access.redhat.com/errata/RHSA-2023:7695
- https://access.redhat.com/errata/RHSA-2023:7785
- https://access.redhat.com/security/cve/CVE-2023-5870
- https://security.netapp.com/advisory/ntap-20240119-0003/
- https://access.redhat.com/errata/RHSA-2023:7666
- https://access.redhat.com/errata/RHSA-2023:7667
- https://access.redhat.com/errata/RHSA-2023:7784
- https://access.redhat.com/errata/RHSA-2023:7884
- https://access.redhat.com/errata/RHSA-2024:0332
- https://www.postgresql.org/support/security/CVE-2023-5870/
- https://access.redhat.com/errata/RHSA-2023:7545
- https://access.redhat.com/errata/RHSA-2023:7579
- https://access.redhat.com/errata/RHSA-2023:7694
- https://access.redhat.com/errata/RHSA-2023:7772
- https://access.redhat.com/errata/RHSA-2024:0304
- https://bugzilla.redhat.com/show_bug.cgi?id=2247170
Affected packages
Git /
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "11.0"
},
{
"fixed": "11.22"
}
]
},
{
"events": [
{
"introduced": "12.0"
},
{
"fixed": "12.17"
}
]
},
{
"events": [
{
"introduced": "13.0"
},
{
"fixed": "13.13"
}
]
},
{
"events": [
{
"introduced": "14.0"
},
{
"fixed": "14.10"
}
]
},
{
"events": [
{
"introduced": "15.0"
},
{
"fixed": "15.5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0_ppc64le"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.2_ppc64le"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.6_aarch64"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0_aarch64"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.2_aarch64"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0_s390x"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.2_s390x"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0_ppc64le"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.2_ppc64le"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.8"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.8_aarch64"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0_s390x"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.6_s390x"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.8_s390x"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0_s390x"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.2_s390x"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0_ppc64le"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.6_ppc64le"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.8_ppc64le"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0_ppc64le"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.2_ppc64le"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.6"
}
]
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5870.json"