CVE-2023-5870 LOW

CVE-2023-5870: PostgreSQL: role pg_signal_backend can signal certain superuser processes.

Vendor: Red Hat
Product: Red Hat Enterprise Linux 6
Weakness: CWE-400
Published: December 10, 2023
Last update: March 2, 2026

CVSS base score

2.2/10
Attack vector: Network
Attack complexity: High
Privileges required: High
User interaction: None
Confidentiality: None
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

What the vulnerability does

01 Description

A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote, highly privileged user to launch a denial of service (DoS) attack.

Key dates

02 Disclosure timeline

December 10, 2023: CVE published
March 2, 2026: Record updated