Launchpad CVE tracker

CVE 2023-5870

A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.

Related bugs and status

CVE-2023-5870 (Candidate) is related to these bugs:

Bug #2040469: New upstream microreleases 12.17, 14.10, and 15.5

		In	Importance	Status
2040469	New upstream microreleases 12.17, 14.10, and 15.5	postgresql-12 (Ubuntu)	Undecided	Invalid
2040469	New upstream microreleases 12.17, 14.10, and 15.5	postgresql-14 (Ubuntu)	Undecided	Invalid
2040469	New upstream microreleases 12.17, 14.10, and 15.5	postgresql-15 (Ubuntu)	Undecided	Invalid
2040469	New upstream microreleases 12.17, 14.10, and 15.5	postgresql-15 (Ubuntu Noble)	Undecided	Invalid
2040469	New upstream microreleases 12.17, 14.10, and 15.5	postgresql-12 (Ubuntu Focal)	Undecided	Fix Released
2040469	New upstream microreleases 12.17, 14.10, and 15.5	postgresql-14 (Ubuntu Jammy)	Undecided	Fix Released
2040469	New upstream microreleases 12.17, 14.10, and 15.5	postgresql-15 (Ubuntu Mantic)	Undecided	Fix Released
2040469	New upstream microreleases 12.17, 14.10, and 15.5	postgresql-15 (Ubuntu Lunar)	Undecided	Fix Released

Bug #2043435: [Debian] High CVE: CVE-2023-5868/CVE-2023-5869/CVE-2023-5870/CVE-2023-39417 postgresql-13 : multiple CVEs

Summary				In	Importance	Status
	2043435	[Debian] High CVE: CVE-2023-5868/CVE-2023-5869/CVE-2023-5870/CVE-2023-39417 postgresql-13 : multiple CVEs		StarlingX	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2023-5870

References