CVE-2023-5870
10.12.2023, 18:15
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.Enginsight
| Vendor | Product | Version |
|---|---|---|
| postgresql | postgresql | 11.0 ≤ 𝑥 < 11.22 |
| postgresql | postgresql | 12.0 ≤ 𝑥 < 12.17 |
| postgresql | postgresql | 13.0 ≤ 𝑥 < 13.13 |
| postgresql | postgresql | 14.0 ≤ 𝑥 < 14.10 |
| postgresql | postgresql | 15.0 ≤ 𝑥 < 15.5 |
| postgresql | postgresql | 16.0 |
| redhat | codeready_linux_builder_eus | 9.2 |
| redhat | codeready_linux_builder_eus_for_power_little_endian_eus | 9.0_ppc64le:_ppc64le |
| redhat | codeready_linux_builder_eus_for_power_little_endian_eus | 9.2_ppc64le:_ppc64le |
| redhat | codeready_linux_builder_for_arm64_eus | 8.6_aarch64:_aarch64 |
| redhat | codeready_linux_builder_for_arm64_eus | 9.0_aarch64:_aarch64 |
| redhat | codeready_linux_builder_for_arm64_eus | 9.2_aarch64:_aarch64 |
| redhat | codeready_linux_builder_for_ibm_z_systems_eus | 9.0_s390x:_s390x |
| redhat | codeready_linux_builder_for_ibm_z_systems_eus | 9.2_s390x:_s390x |
| redhat | codeready_linux_builder_for_power_little_endian_eus | 9.0_ppc64le:_ppc64le |
| redhat | codeready_linux_builder_for_power_little_endian_eus | 9.2_ppc64le:_ppc64le |
| redhat | software_collections | 1.0 |
| redhat | enterprise_linux | 8.0 |
| redhat | enterprise_linux | 9.0 |
| redhat | enterprise_linux_eus | 8.6 |
| redhat | enterprise_linux_eus | 8.8 |
| redhat | enterprise_linux_eus | 9.0 |
| redhat | enterprise_linux_eus | 9.2 |
| redhat | enterprise_linux_for_arm_64 | 8.0 |
| redhat | enterprise_linux_for_arm_64 | 8.8_aarch64:_aarch64 |
| redhat | enterprise_linux_for_ibm_z_systems | 8.0_s390x:_s390x |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 8.6_s390x:_s390x |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 8.8_s390x:_s390x |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 9.0_s390x:_s390x |
| redhat | enterprise_linux_for_ibm_z_systems_eus | 9.2_s390x:_s390x |
| redhat | enterprise_linux_for_power_little_endian | 8.0_ppc64le:_ppc64le |
| redhat | enterprise_linux_for_power_little_endian_eus | 8.6_ppc64le:_ppc64le |
| redhat | enterprise_linux_for_power_little_endian_eus | 8.8_ppc64le:_ppc64le |
| redhat | enterprise_linux_for_power_little_endian_eus | 9.0_ppc64le:_ppc64le |
| redhat | enterprise_linux_for_power_little_endian_eus | 9.2_ppc64le:_ppc64le |
| redhat | enterprise_linux_server_aus | 8.2 |
| redhat | enterprise_linux_server_aus | 8.4 |
| redhat | enterprise_linux_server_aus | 8.6 |
| redhat | enterprise_linux_server_aus | 9.2 |
| redhat | enterprise_linux_server_tus | 8.2 |
| redhat | enterprise_linux_server_tus | 8.4 |
| redhat | enterprise_linux_server_tus | 8.6 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| postgresql-10 |
| ||||||||||||||||||
| postgresql-12 |
| ||||||||||||||||||
| postgresql-14 |
| ||||||||||||||||||
| postgresql-15 |
| ||||||||||||||||||
| postgresql-16 |
| ||||||||||||||||||
| postgresql-9.1 |
| ||||||||||||||||||
| postgresql-9.3 |
| ||||||||||||||||||
| postgresql-9.5 |
|
References