Vulnerabilities > CVE-2023-5870

CVSS 4.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

high complexity

postgresql

redhat

NVD

Published: 2023-12-10

Updated: 2024-01-25

Summary

A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.

Vulnerable Configurations

Part	Description	Count
Application	Postgresql Postgresql Postgresql 16.0 Postgresql Postgresql 15.0 Postgresql Postgresql 15.1 Postgresql Postgresql 15.2 Postgresql Postgresql 15.3 Postgresql Postgresql 15.4 Postgresql Postgresql 14.0 Postgresql Postgresql 14.1 Postgresql Postgresql 14.2 Postgresql Postgresql 14.3 Postgresql Postgresql 14.4 Postgresql Postgresql 14.5 Postgresql Postgresql 14.6 Postgresql Postgresql 14.7 Postgresql Postgresql 14.8 Postgresql Postgresql 14.9 Postgresql Postgresql 13.0 Postgresql Postgresql 13.1 Postgresql Postgresql 13.2 Postgresql Postgresql 13.3 Postgresql Postgresql 13.4 Postgresql Postgresql 13.5 Postgresql Postgresql 13.6 Postgresql Postgresql 13.7 Postgresql Postgresql 13.8 Postgresql Postgresql 13.9 Postgresql Postgresql 13.10 Postgresql Postgresql 13.11 Postgresql Postgresql 13.12 Postgresql Postgresql 12.0 Postgresql Postgresql 12.1 Postgresql Postgresql 12.2 Postgresql Postgresql 12.3 Postgresql Postgresql 12.4 Postgresql Postgresql 12.5 Postgresql Postgresql 12.6 Postgresql Postgresql 12.7 Postgresql Postgresql 12.8 Postgresql Postgresql 12.9 Postgresql Postgresql 12.10 Postgresql Postgresql 12.11 Postgresql Postgresql 12.12 Postgresql Postgresql 12.13 Postgresql Postgresql 12.14 Postgresql Postgresql 12.15 Postgresql Postgresql 12.16 Postgresql Postgresql 11.0 Postgresql Postgresql 11.1 Postgresql Postgresql 11.2 Postgresql Postgresql 11.3 Postgresql Postgresql 11.4 Postgresql Postgresql 11.5 Postgresql Postgresql 11.6 Postgresql Postgresql 11.7 Postgresql Postgresql 11.8 Postgresql Postgresql 11.9 Postgresql Postgresql 11.10 Postgresql Postgresql 11.11 Postgresql Postgresql 11.12 Postgresql Postgresql 11.13 Postgresql Postgresql 11.14 Postgresql Postgresql 11.15 Postgresql Postgresql 11.16 Postgresql Postgresql 11.17 Postgresql Postgresql 11.18 Postgresql Postgresql 11.19 Postgresql Postgresql 11.20 Postgresql Postgresql 11.21	68
Application	Redhat Redhat Software Collections 1.0 Redhat Codeready Linux Builder FOR Arm64 EUS 9.2_Aarch64 Redhat Codeready Linux Builder FOR Arm64 EUS 9.0_Aarch64 Redhat Codeready Linux Builder FOR Arm64 EUS 8.6_Aarch64 Redhat Codeready Linux Builder FOR IBM Z Systems EUS 9.2_S390X Redhat Codeready Linux Builder FOR IBM Z Systems EUS 9.0_S390X Redhat Codeready Linux Builder EUS FOR Power Little Endian EUS 9.2_Ppc64Le Redhat Codeready Linux Builder EUS FOR Power Little Endian EUS 9.0_Ppc64Le Redhat Codeready Linux Builder EUS 9.2 Redhat Codeready Linux Builder FOR Power Little Endian EUS 9.2_Ppc64Le Redhat Codeready Linux Builder FOR Power Little Endian EUS 9.0_Ppc64Le	11
OS	Redhat Redhat Enterprise Linux 8.0 Redhat Enterprise Linux 9.0 Redhat Enterprise Linux Server TUS 8.2 Redhat Enterprise Linux Server TUS 8.4 Redhat Enterprise Linux Server TUS 8.6 Redhat Enterprise Linux Server AUS 8.2 Redhat Enterprise Linux Server AUS 8.4 Redhat Enterprise Linux Server AUS 8.6 Redhat Enterprise Linux Server AUS 9.2 Redhat Enterprise Linux EUS 8.6 Redhat Enterprise Linux EUS 9.0 Redhat Enterprise Linux EUS 8.8 Redhat Enterprise Linux EUS 9.2 Redhat Enterprise Linux FOR ARM 64 8.0 Redhat Enterprise Linux FOR ARM 64 8.8_Aarch64 Redhat Enterprise Linux FOR Power Little Endian EUS 9.2_Ppc64Le Redhat Enterprise Linux FOR Power Little Endian EUS 8.8_Ppc64Le Redhat Enterprise Linux FOR Power Little Endian EUS 9.0_Ppc64Le Redhat Enterprise Linux FOR Power Little Endian EUS 8.6_Ppc64Le Redhat Enterprise Linux FOR Power Little Endian 8.0_Ppc64Le Redhat Enterprise Linux FOR IBM Z Systems EUS 8.8_S390X Redhat Enterprise Linux FOR IBM Z Systems EUS 9.2_S390X Redhat Enterprise Linux FOR IBM Z Systems EUS 9.0_S390X Redhat Enterprise Linux FOR IBM Z Systems EUS 8.6_S390X Redhat Enterprise Linux FOR IBM Z Systems 8.0_S390X	25

Vulnerabilities > CVE-2023-5870 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2023-5870"}]}

Summary

Vulnerable Configurations

References

Vulnerabilities > CVE-2023-5870