Vulnerability DatabaseWS-2019-0603
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
WS-2019-0603
October 07, 2019
In PostgreSQL, versions 9.5 prior to REL9_5_20, 9.6 prior to REL9_6_16, 10 prior to REL_10_11, 11 prior to REL_11_6, 12 prior to REL_12_1, are vulnerable to uncontrolled resource consumption, due to a missing if maximum child processes are running when creating a new bgworker. When the postmaster’s child-process arrays are temporarily full, a malicious client can spawn a new bgworker process and crash the postmaster.
Related Resources (6)
https://github.com/postgres/postgres/commit/7e8d0eb63fbb3bf01c9b4a68b12a10864ce53b52
https://github.com/postgres/postgres/commit/1b5c2ddcdefc31619c209716af3b4238968e6ce9
https://github.com/postgres/postgres/commit/c69e982a60fb5b67fb946300209460f35c19daf2
https://github.com/postgres/postgres/commit/021065aac676c96b703b9c7a02da763469a183c1
https://github.com/postgres/postgres/commit/8c2910ce5ed71fa1b70343627069000a4f6f1420
https://github.com/postgres/postgres/commit/3887e9455f812035473eee1cba0cf9c237969998
Do you need more information?
Contact Us
CVSS v4
Base Score:
7.1
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
NONE
Vulnerable System Integrity
NONE
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
NONE
Integrity
NONE
Availability
HIGH