CVE-2023-5870

moderate-risk

Published 2023-12-10

A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.

Do I need to act?

0.62% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 2.2/10 Low

NETWORK / HIGH complexity

Affected Products (20)

Postgresql

Codeready Linux Builder Eus

Codeready Linux Builder Eus For Power Little Endian Eus

Codeready Linux Builder For Arm64 Eus

Codeready Linux Builder For Ibm Z Systems Eus

Codeready Linux Builder For Power Little Endian Eus

Software Collections

Enterprise Linux

Enterprise Linux Eus

Enterprise Linux For Arm 64

Affected Vendors

Redhat Postgresql

References (52)

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7545

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7579

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7580

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7581

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7616

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7656

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7666

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7667

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7694

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7695

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7714

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7770

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:7772

https://access.redhat.com/errata/RHSA-2023:7784

https://access.redhat.com/errata/RHSA-2023:7785

https://access.redhat.com/errata/RHSA-2023:7883

https://access.redhat.com/errata/RHSA-2023:7884

https://access.redhat.com/errata/RHSA-2023:7885

https://access.redhat.com/errata/RHSA-2024:0304

https://access.redhat.com/errata/RHSA-2024:0332

and 32 more references

/ 100

moderate-risk

Severity 9/34 · Low

Exploitability 2/34 · Minimal

Exposure 24/34 · High