CVE-2020-21469

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2020-21469

CGA ID

CGA-4x8g-73qr-j8vf

Severity

4.4

Medium

CVSS V3

Description

An issue was discovered in PostgreSQL 12.2 allows attackers to cause a denial of service via repeatedly sending SIGHUP signals. NOTE: this is disputed by the vendor because untrusted users cannot send SIGHUP signals; they can only be sent by a PostgreSQL superuser, a user with pg_reload_conf access, or a user with sufficient privileges at the OS level (the postgres account or the root account).

References

https://images.chainguard.dev/security/CGA-4x8g-73qr-j8vf
https://github.com/advisories/GHSA-w8hm-59h4-7ff2
https://www.postgresql.org/message-id/CAA8ZSMqAHDCgo07hqKoM5XJaoQy6Vv76O7966agez4ffyQktkA%40mail.gmail.com
https://www.postgresql.org/message-id/flat/CAA8ZSMqAHDCgo07hqKoM5XJaoQy6Vv76O7966agez4ffyQktkA%40mail.gmail.com
https://www.postgresql.org/support/security/

Affected packages

Advisories are based on vulnerability information provided by Grype from Anchore. Learn how Chainguard creates security advisories.

CVE-2020-21469

Severity

Description

References

Affected packages

Products

Why Chainguard

Customers

Company

Resources