CVSS3 Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | HIGH |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

AI Score confidence: Low

EPSS percentile: 45.9%

A flaw was found in PostgreSQL involving the pg_cancel_backend role that
signals background workers, including the logical replication launcher,
autovacuum workers, and the autovacuum launcher. Successful exploitation
requires a non-core extension with a less-resilient background worker and
would affect that specific background worker only. This issue may allow a
remote high-privileged user to launch a denial of service (DoS) attack.
Author | Note |
---|---|
leosilva | PostgreSQL 9.3 is end of life upstream, and no updates are available. Marking as deferred in -esm-main releases. |

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | postgresql-10 | < 10.23-0ubuntu0.18.04.2+esm1 | UNKNOWN |
ubuntu | 20.04 | noarch | postgresql-12 | < 12.17-0ubuntu0.20.04.1 | UNKNOWN |
ubuntu | 22.04 | noarch | postgresql-14 | < 14.10-0ubuntu0.22.04.1 | UNKNOWN |
ubuntu | 23.04 | noarch | postgresql-15 | < 15.5-0ubuntu0.23.04.1 | UNKNOWN |
ubuntu | 23.10 | noarch | postgresql-15 | < 15.5-0ubuntu0.23.10.1 | UNKNOWN |
ubuntu | 14.04 | noarch | postgresql-9.3 | < any | UNKNOWN |
ubuntu | 16.04 | noarch | postgresql-9.5 | < 9.5.25-0ubuntu0.16.04.1+esm6 | UNKNOWN |
git.postgresql.org/gitweb/?p=postgresql.git;a=commit;h=e082734c8e78e6622a0422e612a870278721e83f (v11)
launchpad.net/bugs/cve/CVE-2023-5870
nvd.nist.gov/vuln/detail/CVE-2023-5870
security-tracker.debian.org/tracker/CVE-2023-5870
ubuntu.com/security/notices/USN-6538-1
ubuntu.com/security/notices/USN-6538-2
ubuntu.com/security/notices/USN-6570-1
www.cve.org/CVERecord?id=CVE-2023-5870
www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
www.postgresql.org/support/security/CVE-2023-5870/