A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.
Metrics
Affected Vendors & Products
References
History
Mon, 02 Dec 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
Sat, 14 Sep 2024 00:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2023-12-10T17:58:30.213Z
Updated: 2024-12-02T17:04:19.568Z
Reserved: 2023-10-31T03:56:58.366Z
Link: CVE-2023-5870
Vulnrichment
Updated: 2024-08-02T08:14:24.816Z
NVD
Status : Modified
Published: 2023-12-10T18:15:07.643
Modified: 2024-11-21T08:42:40.697
Link: CVE-2023-5870
Redhat