A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.
Metrics
Affected Vendors & Products
References
History
Sat, 14 Sep 2024 00:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2023-12-10T17:58:30.213Z
Updated: 2024-09-13T23:29:29.353Z
Reserved: 2023-10-31T03:56:58.366Z
Link: CVE-2023-5870
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-12-10T18:15:07.643
Modified: 2024-09-14T00:15:11.853
Link: CVE-2023-5870
Redhat