ALPINE-CVE-2023-5870
PUBLISHED
CVSS 4.4 MEDIUM
A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.
Risk Scores
CVSS v3.1
4.4
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.18 | postgresql15 | 15.2-r0, 15.2-r1, 15.2-r2 |
| Alpine:v3.17 | postgresql14 | 14.6-r1, 14.5-r3, 14.0-r5 |
| Alpine:v3.20 | postgresql15 | 15.2-r2, 0, 15.1-r0 |
| Alpine:v3.18 | postgresql14 | 9.6.0-r0, 14.1-r2, 14.1-r1 |
| Alpine:v3.19 | postgresql15 | 15.2-r0, 15.1-r0, 0 |
| Alpine:v3.15 | postgresql14 | 8.3.5-r0, 11.3-r0, 0 |
| Alpine:v3.16 | postgresql14 | 8.4.3-r1, 9.5.3-r1, 9.5.3-r0 |
| Alpine:v3.22 | postgresql16 | 16.0-r1, 0, 16.0-r0 |
| Alpine:v3.21 | postgresql16 | 16.0-r0, 16.0-r2, 16.0-r1 |
| Alpine:v3.17 | postgresql15 | 15.4-r0, 15.4-r0, 15.3-r0 |
| Alpine:v3.20 | postgresql16 | 0, 16.0-r2, 16.0-r1 |
| Alpine:v3.19 | postgresql16 | 16.0-r0, 16.0-r2, 0 |
Timeline
- Dec 10, 2023 CVE Published
- Nov 19, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch