Assigner: redhat
Reserved: 2023-10-31
Published: 2023-12-10
Updated: 2024-09-13
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote, highly privileged user to launch a denial of service (DoS) attack.
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
Uncontrolled Resource Consumption
2023-10-31: Reported to Red Hat.
2023-11-09: Made public.
Upstream acknowledges Hemanth Sandrana and Mahendrakar Srinivasarao as the original reporters.
https://access.redhat.com/errata/RHSA-2023:7545 (RHSA-2023:7545)
https://access.redhat.com/errata/RHSA-2023:7579 (RHSA-2023:7579)
https://access.redhat.com/errata/RHSA-2023:7580 (RHSA-2023:7580)
https://access.redhat.com/errata/RHSA-2023:7581 (RHSA-2023:7581)
https://access.redhat.com/errata/RHSA-2023:7616 (RHSA-2023:7616)
https://access.redhat.com/errata/RHSA-2023:7656 (RHSA-2023:7656)
https://access.redhat.com/errata/RHSA-2023:7666 (RHSA-2023:7666)
https://access.redhat.com/errata/RHSA-2023:7667 (RHSA-2023:7667)
https://access.redhat.com/errata/RHSA-2023:7694 (RHSA-2023:7694)
https://access.redhat.com/errata/RHSA-2023:7695 (RHSA-2023:7695)
https://access.redhat.com/errata/RHSA-2023:7714 (RHSA-2023:7714)
https://access.redhat.com/errata/RHSA-2023:7770 (RHSA-2023:7770)
https://access.redhat.com/errata/RHSA-2023:7772 (RHSA-2023:7772)
https://access.redhat.com/errata/RHSA-2023:7784 (RHSA-2023:7784)
https://access.redhat.com/errata/RHSA-2023:7785 (RHSA-2023:7785)
https://access.redhat.com/errata/RHSA-2023:7883 (RHSA-2023:7883)
https://access.redhat.com/errata/RHSA-2023:7884 (RHSA-2023:7884)
https://access.redhat.com/errata/RHSA-2023:7885 (RHSA-2023:7885)
https://access.redhat.com/errata/RHSA-2024:0304 (RHSA-2024:0304)
https://access.redhat.com/errata/RHSA-2024:0332 (RHSA-2024:0332)
https://access.redhat.com/errata/RHSA-2024:0337 (RHSA-2024:0337)
https://access.redhat.com/security/cve/CVE-2023-5870
https://bugzilla.redhat.com/show_bug.cgi?id=2247170 (RHBZ#2247170)
https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
https://www.postgresql.org/support/security/CVE-2023-5870/