Описание
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | postgresql | Out of support scope | ||
| Red Hat Enterprise Linux 7 | postgresql | Fix deferred | ||
| Red Hat Enterprise Linux 8 | postgresql:10/postgresql | Fix deferred | ||
| Red Hat Enterprise Linux 8 | postgresql:16/postgresql | Not affected | ||
| Red Hat Enterprise Linux 9 | postgresql:16/postgresql | Not affected | ||
| Red Hat Software Collections | rh-postgresql10-postgresql | Fix deferred | ||
| Red Hat Advanced Cluster Security 4.2 | advanced-cluster-security/rhacs-central-db-rhel8 | Fixed | RHSA-2024:0337 | 22.01.2024 |
| Red Hat Advanced Cluster Security 4.2 | advanced-cluster-security/rhacs-main-rhel8 | Fixed | RHSA-2024:0337 | 22.01.2024 |
| Red Hat Advanced Cluster Security 4.2 | advanced-cluster-security/rhacs-operator-bundle | Fixed | RHSA-2024:0337 | 22.01.2024 |
| Red Hat Advanced Cluster Security 4.2 | advanced-cluster-security/rhacs-scanner-db-rhel8 | Fixed | RHSA-2024:0337 | 22.01.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
2.2 Low
CVSS3
Связанные уязвимости
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.
A flaw was found in PostgreSQL involving the pg_cancel_backend role th ...
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.
EPSS
2.2 Low
CVSS3