PostgreSQL pg_cancel_backend Exploit Allowing DoS on Background Worker
CVE-2023-5870 Published on December 10, 2023
PostgreSQL: role pg_signal_backend can signal certain superuser processes.
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.
Vulnerability Analysis
CVE-2023-5870 is exploitable with network access and requires user privileges. This vulnerability is considered to have a high level of attack complexity. An exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.
Timeline
Reported to Red Hat.
Made public 9 days later.
Weakness Type
What is a Resource Exhaustion Vulnerability?
The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
CVE-2023-5870 has been classified as a Resource Exhaustion vulnerability or weakness.
Products Associated with CVE-2023-5870
Affected Versions
Red Hat Advanced Cluster Security 4.2:
- Version 4.2.4-6 and below * is unaffected.
- Version 4.2.4-7 and below * is unaffected.
- Version 4.2.4-6 and below * is unaffected.
- Version 4.2.4-7 and below * is unaffected.
- Version 8090020231114113712.a75119d5 and below * is unaffected.
- Version 8090020231128173330.a75119d5 and below * is unaffected.
- Version 8090020231114113548.a75119d5 and below * is unaffected.
- Version 8020020231128165246.4cda2c84 and below * is unaffected.
- Version 8020020231128165246.4cda2c84 and below * is unaffected.
- Version 8020020231128165246.4cda2c84 and below * is unaffected.
- Version 8040020231127153301.522a0ee4 and below * is unaffected.
- Version 8040020231127154806.522a0ee4 and below * is unaffected.
- Version 8040020231127153301.522a0ee4 and below * is unaffected.
- Version 8040020231127154806.522a0ee4 and below * is unaffected.
- Version 8040020231127153301.522a0ee4 and below * is unaffected.
- Version 8040020231127154806.522a0ee4 and below * is unaffected.
- Version 8060020231114115246.ad008a3a and below * is unaffected.
- Version 8060020231128165328.ad008a3a and below * is unaffected.
- Version 8080020231114105206.63b34585 and below * is unaffected.
- Version 8080020231128165335.63b34585 and below * is unaffected.
- Version 8080020231113134015.63b34585 and below * is unaffected.
- Version 0:13.13-1.el9_3 and below * is unaffected.
- Version 9030020231120082734.rhel9 and below * is unaffected.
- Version 0:13.13-1.el9_0 and below * is unaffected.
- Version 0:13.13-1.el9_2 and below * is unaffected.
- Version 9020020231115020618.rhel9 and below * is unaffected.
- Version 0:12.17-1.el7 and below * is unaffected.
- Version 0:13.13-1.el7 and below * is unaffected.
- Version 3.74.8-9 and below * is unaffected.
- Version 3.74.8-9 and below * is unaffected.
- Version 3.74.8-7 and below * is unaffected.
- Version 3.74.8-9 and below * is unaffected.
- Version 3.74.8-9 and below * is unaffected.
- Version 4.1.6-6 and below * is unaffected.
- Version 4.1.6-6 and below * is unaffected.
- Version 4.1.6-6 and below * is unaffected.
- Version 4.1.6-6 and below * is unaffected.
- Version 4.1.6-6 and below * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.