CVE-2023-5870

CVSS v3.1

4.4

Medium

Vector

AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions PostgreSQL (affected versions not specified)

Description The issue is related to the pg signal backend role in PostgreSQL, which allows signaling certain superuser processes. This can be exploited by a remote high-privileged user to launch a denial of service (DoS) attack, affecting specific background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400CWE-264

Related Identifiers

ALSA-2023:7581

ALSA-2023:7714

ALSA-2023:7784

ALSA-2023:7785

ALSA-2023:7884

ALT-PU-2023-7057

ALT-PU-2023-7058

ALT-PU-2023-7059

ALT-PU-2023-7060

ALT-PU-2023-7061

ALT-PU-2023-7062

ALT-PU-2023-7081

ALT-PU-2023-7082

ALT-PU-2023-7083

ALT-PU-2023-7086

ALT-PU-2023-7087

ALT-PU-2023-7088

ALT-PU-2023-7089

ALT-PU-2023-7090

ALT-PU-2023-7207

ALT-PU-2023-7479

ALT-PU-2023-7480

ALT-PU-2023-7481

ALT-PU-2023-8221

ALT-PU-2023-8222

ALT-PU-2023-8223

ALT-PU-2023-8224

ALT-PU-2023-8225

ALT-PU-2023-8226

AZL-32105

BDU:2023-07904

BIT-POSTGRESQL-2023-5870

CESA-2023_7581

CESA-2023_7714

CESA-2023_7884

CLEANSTART-2026-AI42483

CLEANSTART-2026-DJ71086

CLEANSTART-2026-EQ51133

CLEANSTART-2026-FW42039

CLEANSTART-2026-GI40937

CLEANSTART-2026-HJ04971

CLEANSTART-2026-JA70776

CLEANSTART-2026-KA40024

CLEANSTART-2026-WY43835

CLEANSTART-2026-ZC18474

CVE-2023-5870

DLA-3651-1

DSA-5553-1

DSA-5554-1

ECHO-FABC-0E89-3AE1

JLSEC-2026-45

MGASA-2023-0324

OESA-2024-2428

OESA-2025-1335

OPENSUSE-SU-2023_4454-1

OPENSUSE-SU-2023_4455-1

OPENSUSE-SU-2023_4479-1

OPENSUSE-SU-2023_4495-1

OPENSUSE-SU-2024:13408-1

OPENSUSE-SU-2024:13409-1

OPENSUSE-SU-2024:13410-1

OPENSUSE-SU-2024:13413-1

OPENSUSE-SU-2024:13414-1

OPENSUSE-SU-2024:13668-1

OPENSUSE-SU-2025:15580-1

RHSA-2023:7545

RHSA-2023:7579

RHSA-2023:7580

RHSA-2023:7581

RHSA-2023:7616

RHSA-2023:7656

RHSA-2023:7666

RHSA-2023:7667

RHSA-2023:7694

RHSA-2023:7695

RHSA-2023:7714

RHSA-2023:7770

RHSA-2023:7772

RHSA-2023:7784

RHSA-2023:7785

RHSA-2023:7883

RHSA-2023:7884

RHSA-2023:7885

RHSA-2023_7581

RHSA-2023_7714

RHSA-2023_7784

RHSA-2023_7785

RHSA-2023_7884

RLSA-2023:7581

RLSA-2023:7714

RLSA-2023:7785

ROSA-SA-2024-2484

ROSA-SA-2024-2485

ROSA-SA-2024-2486

ROSA-SA-2025-2665

ROSA-SA-2025-2666

SUSE-SU-2023:4418-1

SUSE-SU-2023:4425-1

SUSE-SU-2023:4433-1

SUSE-SU-2023:4434-1

SUSE-SU-2023:4454-1

SUSE-SU-2023:4455-1

SUSE-SU-2023:4479-1

SUSE-SU-2023:4495-1

SUSE-SU-2024:0106-1

USN-6538-1

USN-6538-2

USN-6570-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Linuxmint

Postgresql

Red Hat

Red Os

Rocky Linux

Suse

Ubuntu

CVE-2023-5870

Weakness Enumeration

Related Identifiers

Affected Products

References · 292