4.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
36.3%
postgresql is vulnerable to Denial Of Service (DoS). This vulnerability occurs when a user sends a specially crafted MERGE command to PostgreSQL. If the command is valid, PostgreSQL could be tricked into entering an infinite loop which could prevent PostgreSQL from serving requests, resulting in a denial of service.
access.redhat.com/errata/RHSA-2023:7785
access.redhat.com/errata/RHSA-2023:7883
access.redhat.com/errata/RHSA-2023:7884
access.redhat.com/errata/RHSA-2023:7885
access.redhat.com/security/cve/CVE-2023-39418
bugzilla.redhat.com/show_bug.cgi?id=2228112
git.postgresql.org/gitweb/?p=postgresql.git;a=commitdiff;h=cb2ae5741f2458a474ed3c31458d242e678ff229
secdb.alpinelinux.org/edge/community.yaml
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.13/main.yaml
secdb.alpinelinux.org/v3.14/main.yaml
secdb.alpinelinux.org/v3.15/community.yaml
secdb.alpinelinux.org/v3.15/main.yaml
secdb.alpinelinux.org/v3.16/community.yaml
secdb.alpinelinux.org/v3.16/main.yaml
secdb.alpinelinux.org/v3.17/community.yaml
secdb.alpinelinux.org/v3.17/main.yaml
secdb.alpinelinux.org/v3.18/community.yaml
secdb.alpinelinux.org/v3.18/main.yaml
security.netapp.com/advisory/ntap-20230915-0002/
www.debian.org/security/2023/dsa-5553
www.postgresql.org/support/security/CVE-2023-39418/