CVE-2023-5870 - Vulnerability Details

A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00645.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Postgresql	Postgresql
Redhat	Advanced Cluster Security Codeready Linux Builder Eus Codeready Linux Builder Eus For Power Little Endian Eus Codeready Linux Builder For Arm64 Eus Codeready Linux Builder For Ibm Z Systems Eus Codeready Linux Builder For Power Little Endian Eus Enterprise Linux Enterprise Linux Eus Enterprise Linux For Arm 64 Enterprise Linux For Ibm Z Systems Enterprise Linux For Ibm Z Systems Eus Enterprise Linux For Power Little Endian Enterprise Linux For Power Little Endian Eus Enterprise Linux Server Aus Enterprise Linux Server Tus Rhel Aus Rhel E4s Rhel Eus Rhel Software Collections Rhel Tus Software Collections

Configuration 1 [-]

OR	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql:16.0:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.0_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.0_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.0_s390x:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.0_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:::::::*
	cpe:2.3:a:redhat:software_collections:1.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*

Package	CPE	Advisory	Released Date
Red Hat Advanced Cluster Security 4.2
advanced-cluster-security/rhacs-central-db-rhel8:4.2.4-6	cpe:/a:redhat:advanced_cluster_security:4.2::el8	RHSA-2024:0337	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-main-rhel8:4.2.4-6	cpe:/a:redhat:advanced_cluster_security:4.2::el8	RHSA-2024:0337	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-operator-bundle:4.2.4-7	cpe:/a:redhat:advanced_cluster_security:4.2::el8	RHSA-2024:0337	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-rhel8:4.2.4-6	cpe:/a:redhat:advanced_cluster_security:4.2::el8	RHSA-2024:0337	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.2.4-7	cpe:/a:redhat:advanced_cluster_security:4.2::el8	RHSA-2024:0337	2024-01-22T00:00:00Z
Red Hat Enterprise Linux 8
postgresql:13-8090020231114113712.a75119d5	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:7581	2023-11-29T00:00:00Z
postgresql:12-8090020231128173330.a75119d5	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:7714	2023-12-11T00:00:00Z
postgresql:15-8090020231114113548.a75119d5	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:7884	2023-12-20T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
postgresql:12-8020020231128165246.4cda2c84	cpe:/a:redhat:rhel_aus:8.2	RHSA-2023:7667	2023-12-06T00:00:00Z
Red Hat Enterprise Linux 8.2 Telecommunications Update Service
postgresql:12-8020020231128165246.4cda2c84	cpe:/a:redhat:rhel_tus:8.2	RHSA-2023:7667	2023-12-06T00:00:00Z
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
postgresql:12-8020020231128165246.4cda2c84	cpe:/a:redhat:rhel_e4s:8.2	RHSA-2023:7667	2023-12-06T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
postgresql:12-8040020231127153301.522a0ee4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2023:7694	2023-12-07T00:00:00Z
postgresql:13-8040020231127154806.522a0ee4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2023:7695	2023-12-07T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
postgresql:12-8040020231127153301.522a0ee4	cpe:/a:redhat:rhel_tus:8.4	RHSA-2023:7694	2023-12-07T00:00:00Z
postgresql:13-8040020231127154806.522a0ee4	cpe:/a:redhat:rhel_tus:8.4	RHSA-2023:7695	2023-12-07T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
postgresql:12-8040020231127153301.522a0ee4	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2023:7694	2023-12-07T00:00:00Z
postgresql:13-8040020231127154806.522a0ee4	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2023:7695	2023-12-07T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
postgresql:13-8060020231114115246.ad008a3a	cpe:/a:redhat:rhel_eus:8.6	RHSA-2023:7580	2023-11-29T00:00:00Z
postgresql:12-8060020231128165328.ad008a3a	cpe:/a:redhat:rhel_eus:8.6	RHSA-2023:7666	2023-12-06T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
postgresql:13-8080020231114105206.63b34585	cpe:/a:redhat:rhel_eus:8.8	RHSA-2023:7579	2023-11-29T00:00:00Z
postgresql:12-8080020231128165335.63b34585	cpe:/a:redhat:rhel_eus:8.8	RHSA-2023:7656	2023-12-05T00:00:00Z
postgresql:15-8080020231113134015.63b34585	cpe:/a:redhat:rhel_eus:8.8	RHSA-2023:7883	2023-12-20T00:00:00Z
Red Hat Enterprise Linux 9
postgresql-0:13.13-1.el9_3	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:7784	2023-12-13T00:00:00Z
postgresql:15-9030020231120082734.rhel9	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:7785	2023-12-13T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
postgresql-0:13.13-1.el9_0	cpe:/a:redhat:rhel_eus:9.0	RHSA-2023:7545	2023-11-28T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
postgresql-0:13.13-1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2023:7616	2023-11-30T00:00:00Z
postgresql:15-9020020231115020618.rhel9	cpe:/a:redhat:rhel_eus:9.2	RHSA-2023:7885	2023-12-20T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7
rh-postgresql12-postgresql-0:12.17-1.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2023:7770	2023-12-13T00:00:00Z
rh-postgresql13-postgresql-0:13.13-1.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2023:7772	2023-12-13T00:00:00Z
RHACS-3.74-RHEL-8
advanced-cluster-security/rhacs-central-db-rhel8:3.74.8-9	cpe:/a:redhat:advanced_cluster_security:3.74::el8	RHSA-2024:0304	2024-01-18T00:00:00Z
advanced-cluster-security/rhacs-main-rhel8:3.74.8-9	cpe:/a:redhat:advanced_cluster_security:3.74::el8	RHSA-2024:0304	2024-01-18T00:00:00Z
advanced-cluster-security/rhacs-operator-bundle:3.74.8-7	cpe:/a:redhat:advanced_cluster_security:3.74::el8	RHSA-2024:0304	2024-01-18T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-rhel8:3.74.8-9	cpe:/a:redhat:advanced_cluster_security:3.74::el8	RHSA-2024:0304	2024-01-18T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-slim-rhel8:3.74.8-9	cpe:/a:redhat:advanced_cluster_security:3.74::el8	RHSA-2024:0304	2024-01-18T00:00:00Z
RHACS-4.1-RHEL-8
advanced-cluster-security/rhacs-central-db-rhel8:4.1.6-6	cpe:/a:redhat:advanced_cluster_security:4.1::el8	RHSA-2024:0332	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-main-rhel8:4.1.6-6	cpe:/a:redhat:advanced_cluster_security:4.1::el8	RHSA-2024:0332	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-operator-bundle:4.1.6-6	cpe:/a:redhat:advanced_cluster_security:4.1::el8	RHSA-2024:0332	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-rhel8:4.1.6-6	cpe:/a:redhat:advanced_cluster_security:4.1::el8	RHSA-2024:0332	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.1.6-6	cpe:/a:redhat:advanced_cluster_security:4.1::el8	RHSA-2024:0332	2024-01-22T00:00:00Z

No data.

Advisories

Source	ID	Title
Debian DLA	DLA-3651-1	postgresql-11 security update
Debian DSA	DSA-5553-1	postgresql-15 security update
Debian DSA	DSA-5554-1	postgresql-13 security update
EUVD	EUVD-2023-58144	A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.
Ubuntu USN	USN-6538-1	PostgreSQL vulnerabilities
Ubuntu USN	USN-6538-2	PostgreSQL vulnerabilities
Ubuntu USN	USN-6570-1	PostgreSQL vulnerabilities

Fixes

Solution

No solution given by the vendor.

Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

References

Link	Providers
https://access.redhat.com/errata/RHSA-2023:7545
https://access.redhat.com/errata/RHSA-2023:7579
https://access.redhat.com/errata/RHSA-2023:7580
https://access.redhat.com/errata/RHSA-2023:7581
https://access.redhat.com/errata/RHSA-2023:7616
https://access.redhat.com/errata/RHSA-2023:7656
https://access.redhat.com/errata/RHSA-2023:7666
https://access.redhat.com/errata/RHSA-2023:7667
https://access.redhat.com/errata/RHSA-2023:7694
https://access.redhat.com/errata/RHSA-2023:7695
https://access.redhat.com/errata/RHSA-2023:7714
https://access.redhat.com/errata/RHSA-2023:7770
https://access.redhat.com/errata/RHSA-2023:7772
https://access.redhat.com/errata/RHSA-2023:7784
https://access.redhat.com/errata/RHSA-2023:7785
https://access.redhat.com/errata/RHSA-2023:7883
https://access.redhat.com/errata/RHSA-2023:7884
https://access.redhat.com/errata/RHSA-2023:7885
https://access.redhat.com/errata/RHSA-2024:0304
https://access.redhat.com/errata/RHSA-2024:0332
https://access.redhat.com/errata/RHSA-2024:0337
https://access.redhat.com/security/cve/CVE-2023-5870
https://bugzilla.redhat.com/show_bug.cgi?id=2247170
https://nvd.nist.gov/vuln/detail/CVE-2023-5870
https://security.netapp.com/advisory/ntap-20240119-0003/
https://www.cve.org/CVERecord?id=CVE-2023-5870
https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
https://www.postgresql.org/support/security/CVE-2023-5870/

History

Sat, 04 Oct 2025 01:30:00 +0000

Type	Values Removed	Values Added
CPEs	~~cpe:/o:redhat:enterprise_linux:9~~

Mon, 02 Dec 2024 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://security.netapp.com/advisory/ntap-20240119-0003/

Sat, 14 Sep 2024 00:45:00 +0000

Type	Values Removed	Values Added
References	https://security.netapp.com/advisory/ntap-20240119-0003/

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-12-10T17:58:30.213Z

Updated: 2025-10-04T00:57:37.206Z

Reserved: 2023-10-31T03:56:58.366Z

Link: CVE-2023-5870

Vulnrichment

Updated: 2024-08-02T08:14:24.816Z

NVD

Status : Modified

Published: 2023-12-10T18:15:07.643

Modified: 2024-11-21T08:42:40.697

Link: CVE-2023-5870

Redhat

Severity : Low

Publid Date: 2023-11-09T00:00:00Z

Links: CVE-2023-5870 - Bugzilla

OpenCVE Enrichment

No data.

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object

JSON object