Description
An issue was discovered in PostgreSQL 12.2 that allows attackers to cause a denial of service via repeatedly sending SIGHUP signals. NOTE: this is disputed by the vendor because untrusted users cannot send SIGHUP signals; they can only be sent by a PostgreSQL superuser, a user with pg_reload_conf access, or a user with sufficient privileges at the OS level (the postgres account or the root account).
A flaw was found in PostgreSQL 12.2. This issue may allow an attacker to cause a denial of service via repeatedly sending SIGHUP signals.
Report
This flaw is not actually considered a security vulnerability by upstream and is being disputed. Please check the external reference links for more info.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | postgresql | Out of support scope | | |
| Red Hat Enterprise Linux 7 | postgresql | Out of support scope | | |
| Red Hat Enterprise Linux 8 | postgresql:10/postgresql | Fix deferred | | |
| Red Hat Enterprise Linux 8 | postgresql:12/postgresql | Fix deferred | | |
| Red Hat Enterprise Linux 8 | postgresql:13/postgresql | Not affected | | |
| Red Hat Enterprise Linux 8 | postgresql:15/postgresql | Not affected | | |
| Red Hat Enterprise Linux 9 | postgresql | Not affected | | |
| Red Hat Enterprise Linux 9 | postgresql:15/postgresql | Not affected | | |
| Red Hat Software Collections | rh-postgresql10-postgresql | Fix deferred | | |
| Red Hat Software Collections | rh-postgresql12-postgresql | Fix deferred | | |
Additional information
CVSS3: 4.4 Medium
Related vulnerabilities
** DISPUTED ** An issue was discovered in PostgreSQL 12.2 that allows attackers to cause a denial of service via repeatedly sending SIGHUP signals. NOTE: this is disputed by the vendor because untrusted users cannot send SIGHUP signals; they can only be sent by a PostgreSQL superuser, a user with pg_reload_conf access, or a user with sufficient privileges at the OS level (the postgres account or the root account).
An issue was discovered in PostgreSQL 12.2 that allows attackers to cause a denial of service via repeatedly sending SIGHUP signals. NOTE: this is disputed by the vendor because untrusted users cannot send SIGHUP signals; they can only be sent by a PostgreSQL superuser, a user with pg_reload_conf access, or a user with sufficient privileges at the OS level (the postgres account or the root account).
An issue was discovered in PostgreSQL 12.2 allows attackers to cause a ...
An issue was discovered in PostgreSQL 12.2 that allows attackers to cause a denial of service via repeatedly sending SIGHUP signals.
A vulnerability in the HUP (SIGHUP) signal handler of the PostgreSQL database management system that allows an attacker to cause a denial of service