CVE-2020-21469
First published: Tue Aug 22 2023(Updated: )
** DISPUTED ** An issue was discovered in PostgreSQL 12.2 allows attackers to cause a denial of service via repeatedly sending SIGHUP signals. NOTE: this is disputed by the vendor because untrusted users cannot send SIGHUP signals; they can only be sent by a PostgreSQL superuser, a user with pg_reload_conf access, or a user with sufficient privileges at the OS level (the postgres account or the root account).
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| PostgreSQL PostgreSQL | =12.2 | |
| =12.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2020-21469.
What is the severity level of CVE-2020-21469?
CVE-2020-21469 has a severity level of high.
How does CVE-2020-21469 affect PostgreSQL?
CVE-2020-21469 allows attackers to cause a denial of service in PostgreSQL 12.2.
How can an attacker exploit CVE-2020-21469?
An attacker can exploit CVE-2020-21469 by repeatedly sending SIGHUP signals.
Are untrusted users able to exploit CVE-2020-21469?
No, untrusted users cannot send SIGHUP signals. Only PostgreSQL superusers or users with pg_relo can send these signals.
- agent/author
- agent/type
- agent/event
- agent/first-publish-date
- agent/references
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/status
- agent/description
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- status/disputed
- vendor/postgresql
- canonical/postgresql postgresql
- version/postgresql postgresql/12.2