Lucene search

MitreCVE-2020-21469

HistoryAug 22, 2023 - 7:16 p.m.

CVE-2020-21469

2023-08-2219:16:13

CWE-120

mitre

web.nvd.nist.gov

314

cve-2020-21469

postgresql

denial of service

sighup signals

nvd

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

4.6

Confidence

High

EPSS

Percentile

5.1%

JSON

An issue was discovered in PostgreSQL 12.2 allows attackers to cause a denial of service via repeatedly sending SIGHUP signals. NOTE: this is disputed by the vendor because untrusted users cannot send SIGHUP signals; they can only be sent by a PostgreSQL superuser, a user with pg_reload_conf access, or a user with sufficient privileges at the OS level (the postgres account or the root account).

Affected configurations

Nvd

Node

postgresqlpostgresqlMatch12.2

VendorProductVersionCPE
postgresqlpostgresql12.2cpe:2.3:a:postgresql:postgresql:12.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
postgresql	postgresql	12.2	cpe:2.3:a:postgresql:postgresql:12.2:::::::*

References

www.postgresql.org/message-id/CAA8ZSMqAHDCgo07hqKoM5XJaoQy6Vv76O7966agez4ffyQktkA%40mail.gmail.com

www.postgresql.org/message-id/flat/CAA8ZSMqAHDCgo07hqKoM5XJaoQy6Vv76O7966agez4ffyQktkA%40mail.gmail.com

www.postgresql.org/support/security/

CVSS3

4.4

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score

4.6

Confidence

High

EPSS

Percentile

5.1%

JSON

Related for CVE-2020-21469