CVE-2023-5870 - Vulnerability Details

A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Postgresql	Postgresql
Redhat	Advanced Cluster Security Codeready Linux Builder Eus Codeready Linux Builder Eus For Power Little Endian Eus Codeready Linux Builder For Arm64 Eus Codeready Linux Builder For Ibm Z Systems Eus Codeready Linux Builder For Power Little Endian Eus Enterprise Linux Enterprise Linux Eus Enterprise Linux For Arm 64 Enterprise Linux For Ibm Z Systems Enterprise Linux For Ibm Z Systems Eus Enterprise Linux For Power Little Endian Enterprise Linux For Power Little Endian Eus Enterprise Linux Server Aus Enterprise Linux Server Tus Rhel Aus Rhel E4s Rhel Eus Rhel Software Collections Rhel Tus Software Collections

Configuration 1 [-]

OR	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql::::::::
	cpe:2.3:a:postgresql:postgresql:16.0:::::::*

Configuration 2 [-]

OR	cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.0_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.0_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.0_s390x:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.0_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:::::::*
	cpe:2.3:a:redhat:software_collections:1.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:8.8:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:::::::*

Package	CPE	Advisory	Released Date
Red Hat Advanced Cluster Security 4.2
advanced-cluster-security/rhacs-central-db-rhel8:4.2.4-6	cpe:/a:redhat:advanced_cluster_security:4.2::el8	RHSA-2024:0337	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-main-rhel8:4.2.4-6	cpe:/a:redhat:advanced_cluster_security:4.2::el8	RHSA-2024:0337	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-operator-bundle:4.2.4-7	cpe:/a:redhat:advanced_cluster_security:4.2::el8	RHSA-2024:0337	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-rhel8:4.2.4-6	cpe:/a:redhat:advanced_cluster_security:4.2::el8	RHSA-2024:0337	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.2.4-7	cpe:/a:redhat:advanced_cluster_security:4.2::el8	RHSA-2024:0337	2024-01-22T00:00:00Z
Red Hat Enterprise Linux 8
postgresql:13-8090020231114113712.a75119d5	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:7581	2023-11-29T00:00:00Z
postgresql:12-8090020231128173330.a75119d5	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:7714	2023-12-11T00:00:00Z
postgresql:15-8090020231114113548.a75119d5	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:7884	2023-12-20T00:00:00Z
Red Hat Enterprise Linux 8.2 Advanced Update Support
postgresql:12-8020020231128165246.4cda2c84	cpe:/a:redhat:rhel_aus:8.2	RHSA-2023:7667	2023-12-06T00:00:00Z
Red Hat Enterprise Linux 8.2 Telecommunications Update Service
postgresql:12-8020020231128165246.4cda2c84	cpe:/a:redhat:rhel_tus:8.2	RHSA-2023:7667	2023-12-06T00:00:00Z
Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions
postgresql:12-8020020231128165246.4cda2c84	cpe:/a:redhat:rhel_e4s:8.2	RHSA-2023:7667	2023-12-06T00:00:00Z
Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
postgresql:12-8040020231127153301.522a0ee4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2023:7694	2023-12-07T00:00:00Z
postgresql:13-8040020231127154806.522a0ee4	cpe:/a:redhat:rhel_aus:8.4	RHSA-2023:7695	2023-12-07T00:00:00Z
Red Hat Enterprise Linux 8.4 Telecommunications Update Service
postgresql:12-8040020231127153301.522a0ee4	cpe:/a:redhat:rhel_tus:8.4	RHSA-2023:7694	2023-12-07T00:00:00Z
postgresql:13-8040020231127154806.522a0ee4	cpe:/a:redhat:rhel_tus:8.4	RHSA-2023:7695	2023-12-07T00:00:00Z
Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions
postgresql:12-8040020231127153301.522a0ee4	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2023:7694	2023-12-07T00:00:00Z
postgresql:13-8040020231127154806.522a0ee4	cpe:/a:redhat:rhel_e4s:8.4	RHSA-2023:7695	2023-12-07T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
postgresql:13-8060020231114115246.ad008a3a	cpe:/a:redhat:rhel_eus:8.6	RHSA-2023:7580	2023-11-29T00:00:00Z
postgresql:12-8060020231128165328.ad008a3a	cpe:/a:redhat:rhel_eus:8.6	RHSA-2023:7666	2023-12-06T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
postgresql:13-8080020231114105206.63b34585	cpe:/a:redhat:rhel_eus:8.8	RHSA-2023:7579	2023-11-29T00:00:00Z
postgresql:12-8080020231128165335.63b34585	cpe:/a:redhat:rhel_eus:8.8	RHSA-2023:7656	2023-12-05T00:00:00Z
postgresql:15-8080020231113134015.63b34585	cpe:/a:redhat:rhel_eus:8.8	RHSA-2023:7883	2023-12-20T00:00:00Z
Red Hat Enterprise Linux 9
postgresql-0:13.13-1.el9_3	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:7784	2023-12-13T00:00:00Z
postgresql:15-9030020231120082734.rhel9	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:7785	2023-12-13T00:00:00Z
Red Hat Enterprise Linux 9.0 Extended Update Support
postgresql-0:13.13-1.el9_0	cpe:/a:redhat:rhel_eus:9.0	RHSA-2023:7545	2023-11-28T00:00:00Z
Red Hat Enterprise Linux 9.2 Extended Update Support
postgresql-0:13.13-1.el9_2	cpe:/a:redhat:rhel_eus:9.2	RHSA-2023:7616	2023-11-30T00:00:00Z
postgresql:15-9020020231115020618.rhel9	cpe:/a:redhat:rhel_eus:9.2	RHSA-2023:7885	2023-12-20T00:00:00Z
Red Hat Software Collections for Red Hat Enterprise Linux 7
rh-postgresql12-postgresql-0:12.17-1.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2023:7770	2023-12-13T00:00:00Z
rh-postgresql13-postgresql-0:13.13-1.el7	cpe:/a:redhat:rhel_software_collections:3::el7	RHSA-2023:7772	2023-12-13T00:00:00Z
RHACS-3.74-RHEL-8
advanced-cluster-security/rhacs-central-db-rhel8:3.74.8-9	cpe:/a:redhat:advanced_cluster_security:3.74::el8	RHSA-2024:0304	2024-01-18T00:00:00Z
advanced-cluster-security/rhacs-main-rhel8:3.74.8-9	cpe:/a:redhat:advanced_cluster_security:3.74::el8	RHSA-2024:0304	2024-01-18T00:00:00Z
advanced-cluster-security/rhacs-operator-bundle:3.74.8-7	cpe:/a:redhat:advanced_cluster_security:3.74::el8	RHSA-2024:0304	2024-01-18T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-rhel8:3.74.8-9	cpe:/a:redhat:advanced_cluster_security:3.74::el8	RHSA-2024:0304	2024-01-18T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-slim-rhel8:3.74.8-9	cpe:/a:redhat:advanced_cluster_security:3.74::el8	RHSA-2024:0304	2024-01-18T00:00:00Z
RHACS-4.1-RHEL-8
advanced-cluster-security/rhacs-central-db-rhel8:4.1.6-6	cpe:/a:redhat:advanced_cluster_security:4.1::el8	RHSA-2024:0332	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-main-rhel8:4.1.6-6	cpe:/a:redhat:advanced_cluster_security:4.1::el8	RHSA-2024:0332	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-operator-bundle:4.1.6-6	cpe:/a:redhat:advanced_cluster_security:4.1::el8	RHSA-2024:0332	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-rhel8:4.1.6-6	cpe:/a:redhat:advanced_cluster_security:4.1::el8	RHSA-2024:0332	2024-01-22T00:00:00Z
advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.1.6-6	cpe:/a:redhat:advanced_cluster_security:4.1::el8	RHSA-2024:0332	2024-01-22T00:00:00Z

References

Link	Providers
https://access.redhat.com/errata/RHSA-2023:7545
https://access.redhat.com/errata/RHSA-2023:7579
https://access.redhat.com/errata/RHSA-2023:7580
https://access.redhat.com/errata/RHSA-2023:7581
https://access.redhat.com/errata/RHSA-2023:7616
https://access.redhat.com/errata/RHSA-2023:7656
https://access.redhat.com/errata/RHSA-2023:7666
https://access.redhat.com/errata/RHSA-2023:7667
https://access.redhat.com/errata/RHSA-2023:7694
https://access.redhat.com/errata/RHSA-2023:7695
https://access.redhat.com/errata/RHSA-2023:7714
https://access.redhat.com/errata/RHSA-2023:7770
https://access.redhat.com/errata/RHSA-2023:7772
https://access.redhat.com/errata/RHSA-2023:7784
https://access.redhat.com/errata/RHSA-2023:7785
https://access.redhat.com/errata/RHSA-2023:7883
https://access.redhat.com/errata/RHSA-2023:7884
https://access.redhat.com/errata/RHSA-2023:7885
https://access.redhat.com/errata/RHSA-2024:0304
https://access.redhat.com/errata/RHSA-2024:0332
https://access.redhat.com/errata/RHSA-2024:0337
https://access.redhat.com/security/cve/CVE-2023-5870
https://bugzilla.redhat.com/show_bug.cgi?id=2247170
https://nvd.nist.gov/vuln/detail/CVE-2023-5870
https://security.netapp.com/advisory/ntap-20240119-0003/
https://www.cve.org/CVERecord?id=CVE-2023-5870
https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/
https://www.postgresql.org/support/security/CVE-2023-5870/

History

Mon, 02 Dec 2024 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Fri, 22 Nov 2024 12:00:00 +0000

Type	Values Removed	Values Added
References		https://security.netapp.com/advisory/ntap-20240119-0003/

Sat, 14 Sep 2024 00:45:00 +0000

Type	Values Removed	Values Added
References	https://security.netapp.com/advisory/ntap-20240119-0003/

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2023-12-10T17:58:30.213Z

Updated: 2024-12-02T17:04:19.568Z

Reserved: 2023-10-31T03:56:58.366Z

Link: CVE-2023-5870

Vulnrichment

Updated: 2024-08-02T08:14:24.816Z

NVD

Status : Modified

Published: 2023-12-10T18:15:07.643

Modified: 2024-11-21T08:42:40.697

Link: CVE-2023-5870

Redhat

Severity : Low

Publid Date: 2023-11-09T00:00:00Z

Links: CVE-2023-5870 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-5870", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-10-31T03:56:58.366Z", "datePublished": "2023-12-10T17:58:30.213Z", "dateUpdated": "2024-12-02T17:04:19.568Z"}, "containers": {"cna": {"title": "Postgresql: role pg_signal_backend can signal certain superuser processes.", "metrics": [{"other": {"content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 2.2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack."}], "affected": [{"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-central-db-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.2.4-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.2::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-main-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.2.4-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.2::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "4.2.4-7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.2::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.2.4-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.2::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.2", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.2.4-7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.2::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:13", "defaultStatus": "affected", "versions": [{"version": "8090020231114113712.a75119d5", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8090020231128173330.a75119d5", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:15", "defaultStatus": "affected", "versions": [{"version": "8090020231114113548.a75119d5", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8020020231128165246.4cda2c84", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8020020231128165246.4cda2c84", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8020020231128165246.4cda2c84", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8040020231127153301.522a0ee4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:13", "defaultStatus": "affected", "versions": [{"version": "8040020231127154806.522a0ee4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8040020231127153301.522a0ee4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:13", "defaultStatus": "affected", "versions": [{"version": "8040020231127154806.522a0ee4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8040020231127153301.522a0ee4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:13", "defaultStatus": "affected", "versions": [{"version": "8040020231127154806.522a0ee4", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:13", "defaultStatus": "affected", "versions": [{"version": "8060020231114115246.ad008a3a", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.6::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8060020231128165328.ad008a3a", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.6::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:13", "defaultStatus": "affected", "versions": [{"version": "8080020231114105206.63b34585", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:12", "defaultStatus": "affected", "versions": [{"version": "8080020231128165335.63b34585", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:15", "defaultStatus": "affected", "versions": [{"version": "8080020231113134015.63b34585", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:8.8::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql", "defaultStatus": "affected", "versions": [{"version": "0:13.13-1.el9_3", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:15", "defaultStatus": "affected", "versions": [{"version": "9030020231120082734.rhel9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql", "defaultStatus": "affected", "versions": [{"version": "0:13.13-1.el9_0", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.0::appstream", "cpe:/a:redhat:rhel_eus:9.0::crb"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql", "defaultStatus": "affected", "versions": [{"version": "0:13.13-1.el9_2", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.2::crb", "cpe:/a:redhat:rhel_eus:9.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:15", "defaultStatus": "affected", "versions": [{"version": "9020020231115020618.rhel9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_eus:9.2::appstream"]}, {"vendor": "Red Hat", "product": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rh-postgresql12-postgresql", "defaultStatus": "affected", "versions": [{"version": "0:12.17-1.el7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_software_collections:3::el7"]}, {"vendor": "Red Hat", "product": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rh-postgresql13-postgresql", "defaultStatus": "affected", "versions": [{"version": "0:13.13-1.el7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:rhel_software_collections:3::el7"]}, {"vendor": "Red Hat", "product": "RHACS-3.74-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-central-db-rhel8", "defaultStatus": "affected", "versions": [{"version": "3.74.8-9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:3.74::el8"]}, {"vendor": "Red Hat", "product": "RHACS-3.74-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-main-rhel8", "defaultStatus": "affected", "versions": [{"version": "3.74.8-9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:3.74::el8"]}, {"vendor": "Red Hat", "product": "RHACS-3.74-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "3.74.8-7", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:3.74::el8"]}, {"vendor": "Red Hat", "product": "RHACS-3.74-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8", "defaultStatus": "affected", "versions": [{"version": "3.74.8-9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:3.74::el8"]}, {"vendor": "Red Hat", "product": "RHACS-3.74-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", "defaultStatus": "affected", "versions": [{"version": "3.74.8-9", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:3.74::el8"]}, {"vendor": "Red Hat", "product": "RHACS-4.1-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-central-db-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.1.6-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.1::el8"]}, {"vendor": "Red Hat", "product": "RHACS-4.1-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-main-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.1.6-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.1::el8"]}, {"vendor": "Red Hat", "product": "RHACS-4.1-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-operator-bundle", "defaultStatus": "affected", "versions": [{"version": "4.1.6-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.1::el8"]}, {"vendor": "Red Hat", "product": "RHACS-4.1-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.1.6-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.1::el8"]}, {"vendor": "Red Hat", "product": "RHACS-4.1-RHEL-8", "collectionURL": "https://catalog.redhat.com/software/containers/", "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", "defaultStatus": "affected", "versions": [{"version": "4.1.6-6", "lessThan": "*", "versionType": "rpm", "status": "unaffected"}], "cpes": ["cpe:/a:redhat:advanced_cluster_security:4.1::el8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql", "defaultStatus": "unknown", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:10/postgresql", "defaultStatus": "affected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:16/postgresql", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "postgresql:16/postgresql", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"vendor": "Red Hat", "product": "Red Hat Software Collections", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "rh-postgresql10-postgresql", "defaultStatus": "affected", "cpes": ["cpe:/a:redhat:rhel_software_collections:3"]}], "references": [{"url": "https://access.redhat.com/errata/RHSA-2023:7545", "name": "RHSA-2023:7545", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7579", "name": "RHSA-2023:7579", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7580", "name": "RHSA-2023:7580", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7581", "name": "RHSA-2023:7581", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7616", "name": "RHSA-2023:7616", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7656", "name": "RHSA-2023:7656", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7666", "name": "RHSA-2023:7666", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7667", "name": "RHSA-2023:7667", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7694", "name": "RHSA-2023:7694", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7695", "name": "RHSA-2023:7695", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7714", "name": "RHSA-2023:7714", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7770", "name": "RHSA-2023:7770", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7772", "name": "RHSA-2023:7772", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7784", "name": "RHSA-2023:7784", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7785", "name": "RHSA-2023:7785", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7883", "name": "RHSA-2023:7883", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7884", "name": "RHSA-2023:7884", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7885", "name": "RHSA-2023:7885", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0304", "name": "RHSA-2024:0304", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0332", "name": "RHSA-2024:0332", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0337", "name": "RHSA-2024:0337", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-5870", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247170", "name": "RHBZ#2247170", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/"}, {"url": "https://www.postgresql.org/support/security/CVE-2023-5870/"}], "datePublic": "2023-11-09T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-400", "description": "Uncontrolled Resource Consumption", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption", "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "timeline": [{"lang": "en", "time": "2023-10-31T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-11-09T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "Upstream acknowledges Hemanth Sandrana and Mahendrakar Srinivasarao as the original reporters."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-11-15T15:11:36.533Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:14:24.816Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2023:7545", "name": "RHSA-2023:7545", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7579", "name": "RHSA-2023:7579", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7580", "name": "RHSA-2023:7580", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7581", "name": "RHSA-2023:7581", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7616", "name": "RHSA-2023:7616", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7656", "name": "RHSA-2023:7656", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7666", "name": "RHSA-2023:7666", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7667", "name": "RHSA-2023:7667", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7694", "name": "RHSA-2023:7694", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7695", "name": "RHSA-2023:7695", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7714", "name": "RHSA-2023:7714", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7770", "name": "RHSA-2023:7770", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7772", "name": "RHSA-2023:7772", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7784", "name": "RHSA-2023:7784", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7785", "name": "RHSA-2023:7785", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7883", "name": "RHSA-2023:7883", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7884", "name": "RHSA-2023:7884", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7885", "name": "RHSA-2023:7885", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0304", "name": "RHSA-2024:0304", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0332", "name": "RHSA-2024:0332", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0337", "name": "RHSA-2024:0337", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-5870", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247170", "name": "RHBZ#2247170", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240119-0003/", "tags": ["x_transferred"]}, {"url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/", "tags": ["x_transferred"]}, {"url": "https://www.postgresql.org/support/security/CVE-2023-5870/", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2023-12-19T19:42:25.492582Z", "id": "CVE-2023-5870", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-02T17:04:19.568Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/errata/RHSA-2023:7545", "name": "RHSA-2023:7545", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7579", "name": "RHSA-2023:7579", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7580", "name": "RHSA-2023:7580", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7581", "name": "RHSA-2023:7581", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7616", "name": "RHSA-2023:7616", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7656", "name": "RHSA-2023:7656", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7666", "name": "RHSA-2023:7666", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7667", "name": "RHSA-2023:7667", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7694", "name": "RHSA-2023:7694", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7695", "name": "RHSA-2023:7695", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7714", "name": "RHSA-2023:7714", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7770", "name": "RHSA-2023:7770", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7772", "name": "RHSA-2023:7772", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7784", "name": "RHSA-2023:7784", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7785", "name": "RHSA-2023:7785", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7883", "name": "RHSA-2023:7883", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7884", "name": "RHSA-2023:7884", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7885", "name": "RHSA-2023:7885", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0304", "name": "RHSA-2024:0304", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0332", "name": "RHSA-2024:0332", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0337", "name": "RHSA-2024:0337", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-5870", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247170", "name": "RHBZ#2247170", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240119-0003/", "tags": ["x_transferred"]}, {"url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/", "tags": ["x_transferred"]}, {"url": "https://www.postgresql.org/support/security/CVE-2023-5870/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:14:24.816Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-5870", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2023-12-19T19:42:25.492582Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-02T17:04:12.058Z"}}], "cna": {"title": "Postgresql: role pg_signal_backend can signal certain superuser processes.", "credits": [{"lang": "en", "value": "Upstream acknowledges Hemanth Sandrana and Mahendrakar Srinivasarao as the original reporters."}], "metrics": [{"other": {"type": "Red Hat severity rating", "content": {"value": "Low", "namespace": "https://access.redhat.com/security/updates/classification/"}}}, {"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.2, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "HIGH", "confidentialityImpact": "NONE"}}], "affected": [{"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.2::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.2", "versions": [{"status": "unaffected", "version": "4.2.4-6", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-central-db-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.2::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.2", "versions": [{"status": "unaffected", "version": "4.2.4-6", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-main-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.2::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.2", "versions": [{"status": "unaffected", "version": "4.2.4-7", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-operator-bundle", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.2::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.2", "versions": [{"status": "unaffected", "version": "4.2.4-6", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.2::el8"], "vendor": "Red Hat", "product": "Red Hat Advanced Cluster Security 4.2", "versions": [{"status": "unaffected", "version": "4.2.4-7", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "8090020231114113712.a75119d5", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:13", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "8090020231128173330.a75119d5", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:12", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:8::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "versions": [{"status": "unaffected", "version": "8090020231114113548.a75119d5", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:15", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "versions": [{"status": "unaffected", "version": "8020020231128165246.4cda2c84", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:12", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "versions": [{"status": "unaffected", "version": "8020020231128165246.4cda2c84", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:12", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_e4s:8.2::appstream", "cpe:/a:redhat:rhel_tus:8.2::appstream", "cpe:/a:redhat:rhel_aus:8.2::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "8020020231128165246.4cda2c84", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:12", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "versions": [{"status": "unaffected", "version": "8040020231127153301.522a0ee4", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:12", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "versions": [{"status": "unaffected", "version": "8040020231127154806.522a0ee4", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:13", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "versions": [{"status": "unaffected", "version": "8040020231127153301.522a0ee4", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:12", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "versions": [{"status": "unaffected", "version": "8040020231127154806.522a0ee4", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:13", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "8040020231127153301.522a0ee4", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:12", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_aus:8.4::appstream", "cpe:/a:redhat:rhel_e4s:8.4::appstream", "cpe:/a:redhat:rhel_tus:8.4::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "versions": [{"status": "unaffected", "version": "8040020231127154806.522a0ee4", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:13", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:8.6::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "versions": [{"status": "unaffected", "version": "8060020231114115246.ad008a3a", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:13", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:8.6::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.6 Extended Update Support", "versions": [{"status": "unaffected", "version": "8060020231128165328.ad008a3a", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:12", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:8.8::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "versions": [{"status": "unaffected", "version": "8080020231114105206.63b34585", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:13", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:8.8::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "versions": [{"status": "unaffected", "version": "8080020231128165335.63b34585", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:12", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:8.8::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8.8 Extended Update Support", "versions": [{"status": "unaffected", "version": "8080020231113134015.63b34585", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:15", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream", "cpe:/a:redhat:enterprise_linux:9::crb"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "0:13.13-1.el9_3", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:enterprise_linux:9::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "versions": [{"status": "unaffected", "version": "9030020231120082734.rhel9", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:15", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:9.0::appstream", "cpe:/a:redhat:rhel_eus:9.0::crb"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.0 Extended Update Support", "versions": [{"status": "unaffected", "version": "0:13.13-1.el9_0", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:9.2::crb", "cpe:/a:redhat:rhel_eus:9.2::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "versions": [{"status": "unaffected", "version": "0:13.13-1.el9_2", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_eus:9.2::appstream"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9.2 Extended Update Support", "versions": [{"status": "unaffected", "version": "9020020231115020618.rhel9", "lessThan": "*", "versionType": "rpm"}], "packageName": "postgresql:15", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_software_collections:3::el7"], "vendor": "Red Hat", "product": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "versions": [{"status": "unaffected", "version": "0:12.17-1.el7", "lessThan": "*", "versionType": "rpm"}], "packageName": "rh-postgresql12-postgresql", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:rhel_software_collections:3::el7"], "vendor": "Red Hat", "product": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "versions": [{"status": "unaffected", "version": "0:13.13-1.el7", "lessThan": "*", "versionType": "rpm"}], "packageName": "rh-postgresql13-postgresql", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:3.74::el8"], "vendor": "Red Hat", "product": "RHACS-3.74-RHEL-8", "versions": [{"status": "unaffected", "version": "3.74.8-9", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-central-db-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:3.74::el8"], "vendor": "Red Hat", "product": "RHACS-3.74-RHEL-8", "versions": [{"status": "unaffected", "version": "3.74.8-9", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-main-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:3.74::el8"], "vendor": "Red Hat", "product": "RHACS-3.74-RHEL-8", "versions": [{"status": "unaffected", "version": "3.74.8-7", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-operator-bundle", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:3.74::el8"], "vendor": "Red Hat", "product": "RHACS-3.74-RHEL-8", "versions": [{"status": "unaffected", "version": "3.74.8-9", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:3.74::el8"], "vendor": "Red Hat", "product": "RHACS-3.74-RHEL-8", "versions": [{"status": "unaffected", "version": "3.74.8-9", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.1::el8"], "vendor": "Red Hat", "product": "RHACS-4.1-RHEL-8", "versions": [{"status": "unaffected", "version": "4.1.6-6", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-central-db-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.1::el8"], "vendor": "Red Hat", "product": "RHACS-4.1-RHEL-8", "versions": [{"status": "unaffected", "version": "4.1.6-6", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-main-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.1::el8"], "vendor": "Red Hat", "product": "RHACS-4.1-RHEL-8", "versions": [{"status": "unaffected", "version": "4.1.6-6", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-operator-bundle", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.1::el8"], "vendor": "Red Hat", "product": "RHACS-4.1-RHEL-8", "versions": [{"status": "unaffected", "version": "4.1.6-6", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-scanner-db-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/a:redhat:advanced_cluster_security:4.1::el8"], "vendor": "Red Hat", "product": "RHACS-4.1-RHEL-8", "versions": [{"status": "unaffected", "version": "4.1.6-6", "lessThan": "*", "versionType": "rpm"}], "packageName": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8", "collectionURL": "https://catalog.redhat.com/software/containers/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:6"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "packageName": "postgresql", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unknown"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:7"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "packageName": "postgresql", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "postgresql:10/postgresql", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:8"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "packageName": "postgresql:16/postgresql", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/o:redhat:enterprise_linux:9"], "vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "packageName": "postgresql:16/postgresql", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "unaffected"}, {"cpes": ["cpe:/a:redhat:rhel_software_collections:3"], "vendor": "Red Hat", "product": "Red Hat Software Collections", "packageName": "rh-postgresql10-postgresql", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "defaultStatus": "affected"}], "timeline": [{"lang": "en", "time": "2023-10-31T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2023-11-09T00:00:00+00:00", "value": "Made public."}], "datePublic": "2023-11-09T00:00:00+00:00", "references": [{"url": "https://access.redhat.com/errata/RHSA-2023:7545", "name": "RHSA-2023:7545", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7579", "name": "RHSA-2023:7579", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7580", "name": "RHSA-2023:7580", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7581", "name": "RHSA-2023:7581", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7616", "name": "RHSA-2023:7616", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7656", "name": "RHSA-2023:7656", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7666", "name": "RHSA-2023:7666", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7667", "name": "RHSA-2023:7667", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7694", "name": "RHSA-2023:7694", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7695", "name": "RHSA-2023:7695", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7714", "name": "RHSA-2023:7714", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7770", "name": "RHSA-2023:7770", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7772", "name": "RHSA-2023:7772", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7784", "name": "RHSA-2023:7784", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7785", "name": "RHSA-2023:7785", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7883", "name": "RHSA-2023:7883", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7884", "name": "RHSA-2023:7884", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2023:7885", "name": "RHSA-2023:7885", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0304", "name": "RHSA-2024:0304", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0332", "name": "RHSA-2024:0332", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/errata/RHSA-2024:0337", "name": "RHSA-2024:0337", "tags": ["vendor-advisory", "x_refsource_REDHAT"]}, {"url": "https://access.redhat.com/security/cve/CVE-2023-5870", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247170", "name": "RHBZ#2247170", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/"}, {"url": "https://www.postgresql.org/support/security/CVE-2023-5870/"}], "workarounds": [{"lang": "en", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}], "descriptions": [{"lang": "en", "value": "A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-400", "description": "Uncontrolled Resource Consumption"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-11-15T15:11:36.533Z"}, "x_redhatCweChain": "CWE-400: Uncontrolled Resource Consumption"}}, "cveMetadata": {"cveId": "CVE-2023-5870", "state": "PUBLISHED", "dateUpdated": "2024-12-02T17:04:19.568Z", "dateReserved": "2023-10-31T03:56:58.366Z", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2023-12-10T17:58:30.213Z", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "1D407A29-CAB0-425B-87B6-F2487FAE6B71", "versionEndExcluding": "11.22", "versionStartIncluding": "11.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "13B24306-F52A-47E4-A7E4-EA7E46F850EF", "versionEndExcluding": "12.17", "versionStartIncluding": "12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "AA77ED73-60C6-4666-9355-7C28CD774001", "versionEndExcluding": "13.13", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "7F2D30CB-C04F-4B6A-8E82-7DDC98B10D21", "versionEndExcluding": "14.10", "versionStartIncluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*", "matchCriteriaId": "E8883865-D864-497D-B39C-90D3ACC6A932", "versionEndExcluding": "15.5", "versionStartIncluding": "15.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:postgresql:postgresql:16.0:*:*:*:*:*:*:*", "matchCriteriaId": "654E69F1-844B-4E32-9C3D-FA8032FB3A61", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "936B046D-ADEB-4701-8957-AC28CFA9C5C9", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "56CE19E2-F92D-4C36-9319-E6CD4766D0D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_eus_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "056DABF5-0C1D-4EBA-B02B-443BACB20D6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:8.6_aarch64:*:*:*:*:*:*:*", "matchCriteriaId": "02F08DBD-4BD0-408D-B817-04B2EB82137E", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.0_aarch64:*:*:*:*:*:*:*", "matchCriteriaId": "CDE46FD5-B415-49B7-BF2D-E76D068C3920", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_arm64_eus:9.2_aarch64:*:*:*:*:*:*:*", "matchCriteriaId": "09AAD850-019A-46B8-A5A1-845DE048D30A", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "A4E39B04-D3E5-4106-8A8F-0C496FF9997F", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "86034E5B-BCDD-4AFD-A460-38E790F608F5", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "7F6967B4-C62B-4252-B5C3-50532B9EA3FB", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "C2ED1251-245C-4390-8964-DDCAD54A8957", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "9D7EE4B6-A6EC-4B9B-91DF-79615796673F", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "6C3741B8-851F-475D-B428-523F4F722350", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "62C31522-0A17-4025-B269-855C7F4B45C2", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "4DDA3E5A-8754-4C48-9A27-E2415F8A6000", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "3C74F6FA-FA6C-4648-9079-91446E45EE47", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "3F797F2E-00E6-4D03-A94E-524227529A0A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.8_aarch64:*:*:*:*:*:*:*", "matchCriteriaId": "F7F8A347-0ACE-40E4-BF7B-656D66DDB425", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "32AF225E-94C0-4D07-900C-DD868C05F554", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "B758EDC9-6421-422C-899E-A273D2936D8E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "22C65F53-D624-48A9-A9B7-4C78A31E19F9", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.0_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "0CC06C2A-64A5-4302-B754-A4DC0E12FE7C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:9.2_s390x:*:*:*:*:*:*:*", "matchCriteriaId": "26041661-0280-4544-AA0A-BC28FCED4699", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "23D471AC-7DCA-4425-AD91-E5D928753A8C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "D9C30C59-07F7-4CCE-B057-052ECCD36DB8", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "F91F9255-4EE1-43C7-8831-D2B6C228BFD9", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.0_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "62D3FD78-5B63-4A1B-B4EE-9B098844691E", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:9.2_ppc64le:*:*:*:*:*:*:*", "matchCriteriaId": "99952557-C766-4B9E-8BF5-DBBA194349FF", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "6897676D-53F9-45B3-B27F-7FF9A4C58D33", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "E28F226A-CBC7-4A32-BE58-398FA5B42481", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "76C24D94-834A-4E9D-8F73-624AFA99AAA2", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:9.2:*:*:*:*:*:*:*", "matchCriteriaId": "F32CA554-F9D7-425B-8F1C-89678507F28C", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "matchCriteriaId": "B09ACF2D-D83F-4A86-8185-9569605D8EE1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "matchCriteriaId": "AC10D919-57FD-4725-B8D2-39ECB476902F", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "1272DF03-7674-4BD4-8E64-94004B195448", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en PostgreSQL que involucra la funci\u00f3n pg_cancel_backend que se\u00f1ala a los trabajadores en segundo plano, incluido el iniciador de replicaci\u00f3n l\u00f3gica, los trabajadores de autovacuum y el iniciador de autovacuum. La explotaci\u00f3n exitosa requiere una extensi\u00f3n no central con un trabajador en segundo plano menos resistente y afectar\u00eda \u00fanicamente a ese trabajador en segundo plano espec\u00edfico. Este problema puede permitir que un usuario remoto con privilegios elevados lance un ataque de denegaci\u00f3n de servicio (DoS)."}], "id": "CVE-2023-5870", "lastModified": "2024-11-21T08:42:40.697", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 2.2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 1.4, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 0.7, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-10T18:15:07.643", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7545"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7579"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7580"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7581"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7616"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7656"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7666"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7667"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7694"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7695"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7714"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7770"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7772"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2023:7784"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2023:7785"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2023:7883"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2023:7884"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2023:7885"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0304"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0332"}, {"source": "secalert@redhat.com", "url": "https://access.redhat.com/errata/RHSA-2024:0337"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-5870"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247170"}, {"source": "secalert@redhat.com", "tags": ["Release Notes"], "url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.postgresql.org/support/security/CVE-2023-5870/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7545"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7579"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7580"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7581"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7616"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7656"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7666"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7667"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7694"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7695"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7714"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7770"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2023:7772"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2023:7784"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2023:7785"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2023:7883"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2023:7884"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2023:7885"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:0304"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:0332"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2024:0337"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-5870"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247170"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240119-0003/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.postgresql.org/support/security/CVE-2023-5870/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Upstream acknowledges Hemanth Sandrana and Mahendrakar Srinivasarao as the original reporters.", "affected_release": [{"advisory": "RHSA-2024:0337", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.2::el8", "package": "advanced-cluster-security/rhacs-central-db-rhel8:4.2.4-6", "product_name": "Red Hat Advanced Cluster Security 4.2", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2024:0337", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.2::el8", "package": "advanced-cluster-security/rhacs-main-rhel8:4.2.4-6", "product_name": "Red Hat Advanced Cluster Security 4.2", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2024:0337", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.2::el8", "package": "advanced-cluster-security/rhacs-operator-bundle:4.2.4-7", "product_name": "Red Hat Advanced Cluster Security 4.2", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2024:0337", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.2::el8", "package": "advanced-cluster-security/rhacs-scanner-db-rhel8:4.2.4-6", "product_name": "Red Hat Advanced Cluster Security 4.2", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2024:0337", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.2::el8", "package": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.2.4-7", "product_name": "Red Hat Advanced Cluster Security 4.2", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2023:7581", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "postgresql:13-8090020231114113712.a75119d5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-11-29T00:00:00Z"}, {"advisory": "RHSA-2023:7714", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "postgresql:12-8090020231128173330.a75119d5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-12-11T00:00:00Z"}, {"advisory": "RHSA-2023:7884", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "postgresql:15-8090020231114113548.a75119d5", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-12-20T00:00:00Z"}, {"advisory": "RHSA-2023:7667", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "postgresql:12-8020020231128165246.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2023-12-06T00:00:00Z"}, {"advisory": "RHSA-2023:7667", "cpe": "cpe:/a:redhat:rhel_tus:8.2", "package": "postgresql:12-8020020231128165246.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Telecommunications Update Service", "release_date": "2023-12-06T00:00:00Z"}, {"advisory": "RHSA-2023:7667", "cpe": "cpe:/a:redhat:rhel_e4s:8.2", "package": "postgresql:12-8020020231128165246.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions", "release_date": "2023-12-06T00:00:00Z"}, {"advisory": "RHSA-2023:7694", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "postgresql:12-8040020231127153301.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2023:7695", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "postgresql:13-8040020231127154806.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2023:7694", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "postgresql:12-8040020231127153301.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2023:7695", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "postgresql:13-8040020231127154806.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2023:7694", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "postgresql:12-8040020231127153301.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2023:7695", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "postgresql:13-8040020231127154806.522a0ee4", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2023-12-07T00:00:00Z"}, {"advisory": "RHSA-2023:7580", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "postgresql:13-8060020231114115246.ad008a3a", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-11-29T00:00:00Z"}, {"advisory": "RHSA-2023:7666", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "postgresql:12-8060020231128165328.ad008a3a", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2023-12-06T00:00:00Z"}, {"advisory": "RHSA-2023:7579", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "postgresql:13-8080020231114105206.63b34585", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2023-11-29T00:00:00Z"}, {"advisory": "RHSA-2023:7656", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "postgresql:12-8080020231128165335.63b34585", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2023-12-05T00:00:00Z"}, {"advisory": "RHSA-2023:7883", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "postgresql:15-8080020231113134015.63b34585", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2023-12-20T00:00:00Z"}, {"advisory": "RHSA-2023:7784", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "postgresql-0:13.13-1.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-12-13T00:00:00Z"}, {"advisory": "RHSA-2023:7785", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "postgresql:15-9030020231120082734.rhel9", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-12-13T00:00:00Z"}, {"advisory": "RHSA-2023:7545", "cpe": "cpe:/a:redhat:rhel_eus:9.0", "package": "postgresql-0:13.13-1.el9_0", "product_name": "Red Hat Enterprise Linux 9.0 Extended Update Support", "release_date": "2023-11-28T00:00:00Z"}, {"advisory": "RHSA-2023:7616", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "postgresql-0:13.13-1.el9_2", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2023-11-30T00:00:00Z"}, {"advisory": "RHSA-2023:7885", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "postgresql:15-9020020231115020618.rhel9", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2023-12-20T00:00:00Z"}, {"advisory": "RHSA-2023:7770", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql12-postgresql-0:12.17-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2023-12-13T00:00:00Z"}, {"advisory": "RHSA-2023:7772", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-postgresql13-postgresql-0:13.13-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2023-12-13T00:00:00Z"}, {"advisory": "RHSA-2024:0304", "cpe": "cpe:/a:redhat:advanced_cluster_security:3.74::el8", "package": "advanced-cluster-security/rhacs-central-db-rhel8:3.74.8-9", "product_name": "RHACS-3.74-RHEL-8", "release_date": "2024-01-18T00:00:00Z"}, {"advisory": "RHSA-2024:0304", "cpe": "cpe:/a:redhat:advanced_cluster_security:3.74::el8", "package": "advanced-cluster-security/rhacs-main-rhel8:3.74.8-9", "product_name": "RHACS-3.74-RHEL-8", "release_date": "2024-01-18T00:00:00Z"}, {"advisory": "RHSA-2024:0304", "cpe": "cpe:/a:redhat:advanced_cluster_security:3.74::el8", "package": "advanced-cluster-security/rhacs-operator-bundle:3.74.8-7", "product_name": "RHACS-3.74-RHEL-8", "release_date": "2024-01-18T00:00:00Z"}, {"advisory": "RHSA-2024:0304", "cpe": "cpe:/a:redhat:advanced_cluster_security:3.74::el8", "package": "advanced-cluster-security/rhacs-scanner-db-rhel8:3.74.8-9", "product_name": "RHACS-3.74-RHEL-8", "release_date": "2024-01-18T00:00:00Z"}, {"advisory": "RHSA-2024:0304", "cpe": "cpe:/a:redhat:advanced_cluster_security:3.74::el8", "package": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8:3.74.8-9", "product_name": "RHACS-3.74-RHEL-8", "release_date": "2024-01-18T00:00:00Z"}, {"advisory": "RHSA-2024:0332", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.1::el8", "package": "advanced-cluster-security/rhacs-central-db-rhel8:4.1.6-6", "product_name": "RHACS-4.1-RHEL-8", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2024:0332", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.1::el8", "package": "advanced-cluster-security/rhacs-main-rhel8:4.1.6-6", "product_name": "RHACS-4.1-RHEL-8", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2024:0332", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.1::el8", "package": "advanced-cluster-security/rhacs-operator-bundle:4.1.6-6", "product_name": "RHACS-4.1-RHEL-8", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2024:0332", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.1::el8", "package": "advanced-cluster-security/rhacs-scanner-db-rhel8:4.1.6-6", "product_name": "RHACS-4.1-RHEL-8", "release_date": "2024-01-22T00:00:00Z"}, {"advisory": "RHSA-2024:0332", "cpe": "cpe:/a:redhat:advanced_cluster_security:4.1::el8", "package": "advanced-cluster-security/rhacs-scanner-db-slim-rhel8:4.1.6-6", "product_name": "RHACS-4.1-RHEL-8", "release_date": "2024-01-22T00:00:00Z"}], "bugzilla": {"description": "postgresql: Role pg_signal_backend can signal certain superuser processes.", "id": "2247170", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2247170"}, "csaw": false, "cvss3": {"cvss3_base_score": "2.2", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L", "status": "verified"}, "cwe": "CWE-400", "details": ["A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.", "A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2023-5870", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "postgresql", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "postgresql:10/postgresql", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "postgresql:16/postgresql", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "postgresql:16/postgresql", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Fix deferred", "package_name": "rh-postgresql10-postgresql", "product_name": "Red Hat Software Collections"}], "public_date": "2023-11-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-5870\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-5870\nhttps://www.postgresql.org/about/news/postgresql-161-155-1410-1313-1217-and-1122-released-2749/\nhttps://www.postgresql.org/support/security/CVE-2023-5870/"], "threat_severity": "Low"}

Metrics

Attack Vector Network

Attack Complexity High

Privileges Required High

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object