Denial of Service Vulnerability in PostgreSQL by PostgreSQL Global Development Group
CVE-2020-21469

4.4MEDIUM

Key Information:

Vendor: Postgresql
Status: Postgresql
Vendor: CVE Published:; 22 August 2023

Summary

A vulnerability in PostgreSQL 12.2 allows for a denial of service by sending SIGHUP signals repeatedly. Although the ability to send these signals is limited to PostgreSQL superusers or users with specific privileges, the concern highlights the importance of implementation controls. Unauthorized users cannot initiate this process, which suggests that the impact is primarily on users with advanced permissions. Thorough configuration management and user access controls are essential for protecting databases against such vulnerabilities.

References

https://www.postgresql.org/support/security/

https://www.postgresql.org/message-id/CAA8ZSMqAHDCgo07hqK...

https://www.postgresql.org/message-id/flat/CAA8ZSMqAHDCgo...

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 22, 2023
Vulnerability Reserved
Aug 13, 2020