A flaw was found in PostgreSQL involving the pg_cancel_backend role that signals background workers, including the logical replication launcher, autovacuum workers, and the autovacuum launcher. Successful exploitation requires a non-core extension with a less-resilient background worker and would affect that specific background worker only. This issue may allow a remote, highly privileged user to launch a denial of service (DoS) attack.
Name | Vendor | Start Version | End Version |
---|---|---|---|
PostgreSQL | PostgreSQL | 11.0 (including) | 11.22 (excluding) |
PostgreSQL | PostgreSQL | 12.0 (including) | 12.17 (excluding) |
PostgreSQL | PostgreSQL | 13.0 (including) | 13.13 (excluding) |
PostgreSQL | PostgreSQL | 14.0 (including) | 14.10 (excluding) |
PostgreSQL | PostgreSQL | 15.0 (including) | 15.5 (excluding) |
PostgreSQL | PostgreSQL | 16.0 (including) | 16.0 (including) |