vulnerability
Ubuntu: (CVE-2020-21469): postgresql-12 vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:L/AC:L/Au:M/C:N/I:N/A:C) | Aug 22, 2023 | Nov 19, 2024 | Jan 28, 2025 |
Severity
4
CVSS
(AV:L/AC:L/Au:M/C:N/I:N/A:C)
Published
Aug 22, 2023
Added
Nov 19, 2024
Modified
Jan 28, 2025
Description
An issue was discovered in PostgreSQL 12.2 allows attackers to cause a denial of service via repeatedly sending SIGHUP signals. NOTE: this is disputed by the vendor because untrusted users cannot send SIGHUP signals; they can only be sent by a PostgreSQL superuser, a user with pg_reload_conf access, or a user with sufficient privileges at the OS level (the postgres account or the root account).
Solution
ubuntu-upgrade-postgresql-12
References
- CVE-2020-21469
- https://attackerkb.com/topics/CVE-2020-21469
- URL-https://www.cve.org/CVERecord?id=CVE-2020-21469
- URL-https://www.postgresql.org/about/news/cve-2020-21469-is-not-a-security-vulnerability-2701/
- URL-https://www.postgresql.org/message-id/CAA8ZSMqAHDCgo07hqKoM5XJaoQy6Vv76O7966agez4ffyQktkA%40mail.gmail.com
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.