CVE-2020-21469

Name of the Vulnerable Software and Affected Versions PostgreSQL version 12.2

Description The issue is related to a buffer copy without checking the size of the input data in the signal handler for SIGHUP signals in PostgreSQL. This could potentially allow a remote attacker to cause a denial of service. However, it is noted that this issue is disputed by the vendor because untrusted users cannot send SIGHUP signals; they can only be sent by a PostgreSQL superuser, a user with pg reload conf access, or a user with sufficient privileges at the OS level.

Recommendations For PostgreSQL version 12.2, consider restricting access to the signal handler for SIGHUP signals to only trusted users, such as PostgreSQL superusers or users with pg reload conf access, to minimize the risk of exploitation. As a temporary workaround, consider disabling the signal handler for SIGHUP signals until a patch is available or the issue is otherwise resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.