CVE-2023-5870
- Source
- https://cve.org/CVERecord?id=CVE-2023-5870
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-5870.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-5870
- Aliases
- Downstream
- Related
- Published
- 2023-12-10T18:15:07.643Z
- Modified
- 2026-02-13T15:58:22.415471Z
- Severity
-
- 4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A flaw was found in PostgreSQL involving the pgcancelbackend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.
- References
-
- https://lists.debian.org/debian-lts-announce/2023/11/msg00007.html
- https://access.redhat.com/errata/RHSA-2023:7545
- https://access.redhat.com/errata/RHSA-2023:7579
- https://access.redhat.com/errata/RHSA-2023:7580
- https://access.redhat.com/errata/RHSA-2023:7581
- https://access.redhat.com/errata/RHSA-2023:7616
- https://access.redhat.com/errata/RHSA-2023:7656
- https://access.redhat.com/errata/RHSA-2023:7666
- https://access.redhat.com/errata/RHSA-2023:7667
- https://access.redhat.com/errata/RHSA-2023:7694
- https://access.redhat.com/errata/RHSA-2023:7695
- https://access.redhat.com/errata/RHSA-2023:7714
- https://access.redhat.com/errata/RHSA-2023:7770
- https://access.redhat.com/errata/RHSA-2023:7772
- https://access.redhat.com/errata/RHSA-2023:7784
- https://access.redhat.com/errata/RHSA-2023:7785
- https://access.redhat.com/errata/RHSA-2023:7883
- https://access.redhat.com/errata/RHSA-2023:7884
- https://access.redhat.com/errata/RHSA-2023:7885
- https://access.redhat.com/errata/RHSA-2024:0304
- https://access.redhat.com/errata/RHSA-2024:0332
- https://access.redhat.com/errata/RHSA-2024:0337
- https://access.redhat.com/security/cve/CVE-2023-5870
- https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
- https://www.postgresql.org/support/security/CVE-2023-5870/
- https://security.netapp.com/advisory/ntap-20240119-0003/
- https://bugzilla.redhat.com/show_bug.cgi?id=2247170
Affected packages
Git / git.postgresql.org/git/postgresql.git
Affected ranges
- Type
- GIT
- Repo
- https://git.postgresql.org/git/postgresql.git
- Events
-
Introduced19f20081df059fef87e14c8e953669bd173dd7f1Fixedfd851f9e4a13d81cccc4ac5d6059d732c7518111Introduced29be9983a64c011eac0b9ee29895cce71e15ea77Fixed319310aa121285b1c7c036cb956a11bcc9d1bcb2Introduced2a7ce2e2ce474504a707ec03e128fde66cfb8b48Fixed1e7f81e90741795d547c0290b4a82d84d518faacIntroduced86a4dc1e6f29d1992a2afa3fac1a0b0a6e84568cFixed33d5cf65f8c97d6bf085dffecb51c6a52d1f3f0dIntroducedad1f2885b8c82e0c2d56d7974f012cbecce17a17Fixed2fe2d1af14fd2fb5afeee94b94c4d8a34a829e32
Affected versions
Other
REL_11_0
REL_11_1
REL_11_10
REL_11_11
REL_11_12
REL_11_13
REL_11_14
REL_11_15
REL_11_16
REL_11_17
REL_11_18
REL_11_19
REL_11_2
REL_11_20
REL_11_21
REL_11_3
REL_11_4
REL_11_5
REL_11_6
REL_11_7
REL_11_8
REL_11_9
REL_12_0
REL_12_1
REL_12_10
REL_12_11
REL_12_12
REL_12_13
REL_12_14
REL_12_15
REL_12_16
REL_12_2
REL_12_3
REL_12_4
REL_12_5
REL_12_6
REL_12_7
REL_12_8
REL_12_9
REL_13_0
REL_13_1
REL_13_10
REL_13_11
REL_13_12
REL_13_2
REL_13_3
REL_13_4
REL_13_5
REL_13_6
REL_13_7
REL_13_8
REL_13_9
REL_14_0
REL_14_1
REL_14_2
REL_14_3
REL_14_4
REL_14_5
REL_14_6
REL_14_7
REL_14_8
REL_14_9
REL_15_0
REL_15_1
REL_15_2
REL_15_3
REL_15_4