CVE-2020-21469

An issue was discovered in PostgreSQL 12.2 allows attackers to cause a denial of service via repeatedly sending SIGHUP signals. NOTE: this is disputed by the vendor because untrusted users cannot send SIGHUP signals; they can only be sent by a PostgreSQL superuser, a user with pg_reload_conf access, or a user with sufficient privileges at the OS level (the postgres account or the root account).
Configurations

Configuration 1 (hide)

cpe:2.3:a:postgresql:postgresql:12.2:*:*:*:*:*:*:*

History

21 Nov 2024, 05:12

Type Values Removed Values Added
References () https://www.postgresql.org/message-id/CAA8ZSMqAHDCgo07hqKoM5XJaoQy6Vv76O7966agez4ffyQktkA%40mail.gmail.com - Exploit, Mailing List, Vendor Advisory () https://www.postgresql.org/message-id/CAA8ZSMqAHDCgo07hqKoM5XJaoQy6Vv76O7966agez4ffyQktkA%40mail.gmail.com - Exploit, Mailing List, Vendor Advisory
References () https://www.postgresql.org/message-id/flat/CAA8ZSMqAHDCgo07hqKoM5XJaoQy6Vv76O7966agez4ffyQktkA%40mail.gmail.com - Mailing List () https://www.postgresql.org/message-id/flat/CAA8ZSMqAHDCgo07hqKoM5XJaoQy6Vv76O7966agez4ffyQktkA%40mail.gmail.com - Mailing List
References () https://www.postgresql.org/support/security/ - Product () https://www.postgresql.org/support/security/ - Product

08 Feb 2024, 19:25

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 7.5
v2 : unknown
v3 : 4.4
References (MISC) https://www.postgresql.org/support/security/ - (MISC) https://www.postgresql.org/support/security/ - Product
References (MISC) https://www.postgresql.org/message-id/flat/CAA8ZSMqAHDCgo07hqKoM5XJaoQy6Vv76O7966agez4ffyQktkA%40mail.gmail.com - (MISC) https://www.postgresql.org/message-id/flat/CAA8ZSMqAHDCgo07hqKoM5XJaoQy6Vv76O7966agez4ffyQktkA%40mail.gmail.com - Mailing List

07 Nov 2023, 03:19

Type Values Removed Values Added
Summary ** DISPUTED ** An issue was discovered in PostgreSQL 12.2 allows attackers to cause a denial of service via repeatedly sending SIGHUP signals. NOTE: this is disputed by the vendor because untrusted users cannot send SIGHUP signals; they can only be sent by a PostgreSQL superuser, a user with pg_reload_conf access, or a user with sufficient privileges at the OS level (the postgres account or the root account). An issue was discovered in PostgreSQL 12.2 allows attackers to cause a denial of service via repeatedly sending SIGHUP signals. NOTE: this is disputed by the vendor because untrusted users cannot send SIGHUP signals; they can only be sent by a PostgreSQL superuser, a user with pg_reload_conf access, or a user with sufficient privileges at the OS level (the postgres account or the root account).

29 Aug 2023, 05:15

Type Values Removed Values Added
References
  • (MISC) https://www.postgresql.org/support/security/ -
  • (MISC) https://www.postgresql.org/message-id/flat/CAA8ZSMqAHDCgo07hqKoM5XJaoQy6Vv76O7966agez4ffyQktkA%40mail.gmail.com -
Summary An issue was discovered in PostgreSQL 12.2 allows attackers to cause a denial of service via repeatedly sending SIGHUP signals. ** DISPUTED ** An issue was discovered in PostgreSQL 12.2 allows attackers to cause a denial of service via repeatedly sending SIGHUP signals. NOTE: this is disputed by the vendor because untrusted users cannot send SIGHUP signals; they can only be sent by a PostgreSQL superuser, a user with pg_reload_conf access, or a user with sufficient privileges at the OS level (the postgres account or the root account).

24 Aug 2023, 21:57

Type Values Removed Values Added
CWE CWE-120
References (MISC) https://www.postgresql.org/message-id/CAA8ZSMqAHDCgo07hqKoM5XJaoQy6Vv76O7966agez4ffyQktkA%40mail.gmail.com - (MISC) https://www.postgresql.org/message-id/CAA8ZSMqAHDCgo07hqKoM5XJaoQy6Vv76O7966agez4ffyQktkA%40mail.gmail.com - Exploit, Mailing List, Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 7.5
First Time Postgresql
Postgresql postgresql
CPE cpe:2.3:a:postgresql:postgresql:12.2:*:*:*:*:*:*:*

22 Aug 2023, 20:10

Type Values Removed Values Added
New CVE

Information

Published : 2023-08-22 19:16

Updated : 2024-11-21 05:12


NVD link : CVE-2020-21469

Mitre link : CVE-2020-21469

CVE.ORG link : CVE-2020-21469


JSON object : View

Products Affected

postgresql

  • postgresql
CWE
CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')