HomePostgresqlCVE-2023-5870

CVE-2023-5870

LOW
2.2CVSS
Published: 2023-12-10
Updated: 2025-11-04
AI Analysis

Description

A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.

CVSS Metrics

Vector
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L
Attack Vector
network
Complexity
high
Privileges
high
User Action
none
Scope
unchanged
Confidentiality
none
Integrity
none
Availability
low
Weaknesses
CWE-400NVD-CWE-noinfo

Metadata

Primary Vendor
POSTGRESQL
Published
12/10/2023
Last Modified
11/4/2025
Source
NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

postgresql : postgresqlpostgresql : postgresqlpostgresql : postgresqlpostgresql : postgresqlpostgresql : postgresqlpostgresql : postgresqlredhat : codeready_linux_builder_eusredhat : codeready_linux_builder_eus_for_power_little_endian_eusredhat : codeready_linux_builder_eus_for_power_little_endian_eusredhat : codeready_linux_builder_for_arm64_eusredhat : codeready_linux_builder_for_arm64_eusredhat : codeready_linux_builder_for_arm64_eusredhat : codeready_linux_builder_for_ibm_z_systems_eusredhat : codeready_linux_builder_for_ibm_z_systems_eusredhat : codeready_linux_builder_for_power_little_endian_eusredhat : codeready_linux_builder_for_power_little_endian_eusredhat : software_collectionsredhat : enterprise_linuxredhat : enterprise_linuxredhat : enterprise_linux_eusredhat : enterprise_linux_eusredhat : enterprise_linux_eusredhat : enterprise_linux_eusredhat : enterprise_linux_for_arm_64redhat : enterprise_linux_for_arm_64redhat : enterprise_linux_for_ibm_z_systemsredhat : enterprise_linux_for_ibm_z_systems_eusredhat : enterprise_linux_for_ibm_z_systems_eusredhat : enterprise_linux_for_ibm_z_systems_eusredhat : enterprise_linux_for_ibm_z_systems_eusredhat : enterprise_linux_for_power_little_endianredhat : enterprise_linux_for_power_little_endian_eusredhat : enterprise_linux_for_power_little_endian_eusredhat : enterprise_linux_for_power_little_endian_eusredhat : enterprise_linux_for_power_little_endian_eusredhat : enterprise_linux_server_ausredhat : enterprise_linux_server_ausredhat : enterprise_linux_server_ausredhat : enterprise_linux_server_ausredhat : enterprise_linux_server_tusredhat : enterprise_linux_server_tusredhat : enterprise_linux_server_tus

AI-Powered Remediation

Generate remediation guidance or a C-suite brief for this vulnerability.

Executive Intelligence Brief

View on NIST NVD
CVE-CVE-2023-5870 | LOW Severity | CVEDatabase.com | CVEDatabase.com