A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.
Fixes

Solution

No solution given by the vendor.


Workaround

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

History

Mon, 02 Dec 2024 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Fri, 22 Nov 2024 12:00:00 +0000

Type Values Removed Values Added
References

Sat, 14 Sep 2024 00:45:00 +0000

Type Values Removed Values Added
References

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2025-09-26T08:03:54.052Z

Reserved: 2023-10-31T03:56:58.366Z

Link: CVE-2023-5870

cve-icon Vulnrichment

Updated: 2024-08-02T08:14:24.816Z

cve-icon NVD

Status : Modified

Published: 2023-12-10T18:15:07.643

Modified: 2024-11-21T08:42:40.697

Link: CVE-2023-5870

cve-icon Redhat

Severity : Low

Publid Date: 2023-11-09T00:00:00Z

Links: CVE-2023-5870 - Bugzilla

cve-icon OpenCVE Enrichment

No data.