Documentation says the pg_signal_backend
role cannot signal "a backend owned
by a superuser". On the contrary, it can signal background workers, including
the logical replication launcher. It can signal autovacuum
workers and the
autovacuum
launcher. Signaling autovacuum
workers and those two launchers
provides no meaningful exploit, so exploiting this vulnerability requires a
non-core extension with a less-resilient background worker. For example, a
non-core background worker that does not auto-restart would experience a
denial of service with respect to that particular background worker.
The PostgreSQL project thanks Hemanth Sandrana and Mahendrakar Srinivasarao for reporting this problem.
Affected Version | Fixed In | Fix Published |
---|---|---|
16 | 16.1 | Nov. 9, 2023 |
15 | 15.5 | Nov. 9, 2023 |
14 | 14.10 | Nov. 9, 2023 |
13 | 13.13 | Nov. 9, 2023 |
12 | 12.17 | Nov. 9, 2023 |
11 | 11.22 | Nov. 9, 2023 |
For more information about PostgreSQL versioning, please visit the versioning page.
Overall Score | 2.2 |
---|---|
Component | core server |
Vector | AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L |
If you wish to report a new security vulnerability in PostgreSQL, please send an email to [email protected].
For reporting non-security bugs, please see the Report a Bug page.