vulnerability

Amazon Linux AMI 2: CVE-2023-5870: Security patch for postgresql (Multiple Advisories)

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:M/Au:M/C:N/I:N/A:P)

Published

Dec 10, 2023

Added

Jan 23, 2024

Modified

May 20, 2026

Description

A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote high privileged user to launch a denial of service (DoS) attack.

Solutions

amazon-linux-ami-2-upgrade-postgresqlamazon-linux-ami-2-upgrade-postgresql-contribamazon-linux-ami-2-upgrade-postgresql-debuginfoamazon-linux-ami-2-upgrade-postgresql-docsamazon-linux-ami-2-upgrade-postgresql-llvmjitamazon-linux-ami-2-upgrade-postgresql-plperlamazon-linux-ami-2-upgrade-postgresql-plpython2amazon-linux-ami-2-upgrade-postgresql-plpython3amazon-linux-ami-2-upgrade-postgresql-pltclamazon-linux-ami-2-upgrade-postgresql-private-develamazon-linux-ami-2-upgrade-postgresql-private-libsamazon-linux-ami-2-upgrade-postgresql-serveramazon-linux-ami-2-upgrade-postgresql-server-develamazon-linux-ami-2-upgrade-postgresql-staticamazon-linux-ami-2-upgrade-postgresql-testamazon-linux-ami-2-upgrade-postgresql-test-rpm-macrosamazon-linux-ami-2-upgrade-postgresql-upgradeamazon-linux-ami-2-upgrade-postgresql-upgrade-devel

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report