Documentation says the pg_signal_backend role cannot signal "a backend owned
by a superuser". On the contrary, it can signal background workers, including
the logical replication launcher. It can signal autovacuum workers and the
autovacuum launcher. Signaling autovacuum workers and those two launchers
provides no meaningful exploit, so exploiting this vulnerability requires a
non-core extension with a less-resilient background worker. For example, a
non-core background worker that does not auto-restart would experience a
denial of service with respect to that particular background worker.
The PostgreSQL project thanks Hemanth Sandrana and Mahendrakar Srinivasarao for reporting this problem.
| Affected Version | Fixed In | Fix Published |
|---|---|---|
| 16 | 16.1 | 2023-11-09 |
| 15 | 15.5 | 2023-11-09 |
| 14 | 14.10 | 2023-11-09 |
| 13 | 13.13 | 2023-11-09 |
| 12 | 12.17 | 2023-11-09 |
| 11 | 11.22 | 2023-11-09 |
For more information about PostgreSQL versioning, please visit the versioning page.
| Overall Score | 2.2 |
|---|---|
| Component | core server |
| Vector | AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L |
If you wish to report a new security vulnerability in PostgreSQL, please send an email to security@postgresql.org.
For reporting non-security bugs, please see the Report a Bug page.