CVE-2023-5870 — LOW (2.2) — White Hats Nepal

Q: How severe is CVE-2023-5870?

CVE-2023-5870 has been rated LOW with a CVSS base score of 2.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-5870?

Check the references section above for vendor advisories and patch information. Affected products include: Postgresql Postgresql, Redhat Codeready Linux Builder Eus, Redhat Codeready Linux Builder Eus For Power Little Endian Eus, Redhat Codeready Linux Builder For Arm64 Eus, Redhat Codeready Linux Builder For Ibm Z Systems Eus.

Vulnerability Description

A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.

CVSS Score

2.2

LOW

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Postgresql	Postgresql	>= 11.0, < 11.22
Redhat	Codeready Linux Builder Eus	9.2
Redhat	Codeready Linux Builder Eus For Power Little Endian Eus	9.0_ppc64le
Redhat	Codeready Linux Builder For Arm64 Eus	8.6_aarch64
Redhat	Codeready Linux Builder For Ibm Z Systems Eus	9.0_s390x
Redhat	Codeready Linux Builder For Power Little Endian Eus	9.0_ppc64le
Redhat	Software Collections	1.0
Redhat	Enterprise Linux	8.0
Redhat	Enterprise Linux Eus	8.6
Redhat	Enterprise Linux For Arm 64	8.0
Redhat	Enterprise Linux For Ibm Z Systems	8.0_s390x
Redhat	Enterprise Linux For Ibm Z Systems Eus	8.6_s390x
Redhat	Enterprise Linux For Power Little Endian	8.0_ppc64le
Redhat	Enterprise Linux For Power Little Endian Eus	8.6_ppc64le
Redhat	Enterprise Linux Server Aus	8.2
Redhat	Enterprise Linux Server Tus	8.2

Related Weaknesses (CWE)

CWE-400

References

https://access.redhat.com/errata/RHSA-2023:7545Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7579Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7580Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7581Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7616Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7656Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7666Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7667Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7694Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7695Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7714Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7770Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7772Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7784
https://access.redhat.com/errata/RHSA-2023:7785

FAQ

What is CVE-2023-5870?

CVE-2023-5870 is a vulnerability with a CVSS score of 2.2 (LOW). A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Succes...

How severe is CVE-2023-5870?

CVE-2023-5870 has been rated LOW with a CVSS base score of 2.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-5870?

Check the references section above for vendor advisories and patch information. Affected products include: Postgresql Postgresql, Redhat Codeready Linux Builder Eus, Redhat Codeready Linux Builder Eus For Power Little Endian Eus, Redhat Codeready Linux Builder For Arm64 Eus, Redhat Codeready Linux Builder For Ibm Z Systems Eus.