Headline
CVE-2017-18359: #3704 (ST_AsX3D returns random data
PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for “SELECT ST_AsX3D(‘LINESTRING EMPTY’);” because empty geometries are mishandled.
#3704 closed defect (fixed)****ST_AsX3D returns random data / crashes client
Reported by:
Owned by:
robe
Priority:
critical
Milestone:
PostGIS 2.3.3
Component:
postgis
Version:
2.3.x
Keywords:
Cc:
Testing ST_AsX3D on various geometries gives varied and interesting results with PostGIS 2.3 on Windows. I think these are critical bugs, because they return random data or crash the client.
SELECT ST_AsX3D('POINT EMPTY');
has unexpected behavior, often returning a zero-length string, or random junk like @ or 2.3.dll, but sometimes raising:
ERROR: invalid byte sequence for encoding "UTF8": 0xec 0xa3
SELECT ST_AsX3D('LINESTRING EMPTY');
kills the client:
server closed the connection unexpectedly
This probably means the server terminated abnormally before or while processing the request.
The connection to the server was lost. Attempting reset: Failed. !>
Non-critical bugs with other geometry types will be filed in the next bug report…
Change History (5)
Owner:
changed from pramsey to robe
Resolution:
→ fixed
Status:
new → closed
Note: See TracTickets for help on using tickets.