
CVE-2017-18359: #3704 (ST_AsX3D returns random data

PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for "SELECT ST_AsX3D('LINESTRING EMPTY');" because empty geometries are mishandled.
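
A version check against the affected range stated above (2.x before 2.3.3), added here as an example; it is not code from the ticket or from the PostGIS project. It assumes the version string was collected with postgis_lib_version() or postgis_full_version(); the status labels and the rule that pre-release builds go to manual review are assumptions of this example.

```python
import re

# Affected range as stated in the CVE text: PostGIS 2.x before 2.3.3.
FIXED = (2, 3, 3)


def parse_postgis_version(text):
    """Return ((major, minor, patch), prerelease_tag) from a version string.

    Accepts the short form printed by postgis_lib_version() and the longer
    POSTGIS="x.y.z rNNNN" ... line printed by postgis_full_version().
    """
    quoted = re.search(r'POSTGIS="([^"]+)"', text)
    if quoted:
        text = quoted.group(1)
    m = re.match(r'\s*(\d+)\.(\d+)(?:\.(\d+))?([A-Za-z]\w*)?', text)
    if not m:
        raise ValueError(f"no PostGIS version found in {text!r}")
    major, minor, patch, tag = m.groups()
    return (int(major), int(minor), int(patch or 0)), (tag or "")


def cve_2017_18359_status(text):
    """Classify a reported version against the range in the advisory."""
    version, tag = parse_postgis_version(text)
    if version[0] != 2:
        return "outside-stated-range"  # the advisory only speaks about 2.x
    if version < FIXED:
        return "affected"
    if tag:
        # Assumption: a dev/rc/beta build numbered 2.3.3 or later may have
        # been cut before the fix landed, so it is not cleared automatically.
        return "review"
    return "fixed"


# Constructed inventory lines (not taken from the ticket).
SAMPLES = [
    "2.3.2",
    "2.3.3",
    "2.4.0dev",
    'POSTGIS="2.3.2 r15302" GEOS="3.6.1-CAPI-1.10.1 r0"',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{cve_2017_18359_status(line):>8}  {line}")
```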

CVE
#sql #windows #dos

#3704 closed defect (fixed): ST_AsX3D returns random data / crashes client

Reported by:
Owned by: robe
Priority: critical
Milestone: PostGIS 2.3.3
Component: postgis
Version: 2.3.x
Keywords:
Cc:

Testing ST_AsX3D on various geometries gives varied and interesting results with PostGIS 2.3 on Windows. I think these are critical bugs, because they return random data or crash the client.

SELECT ST_AsX3D('POINT EMPTY');

has unexpected behavior, often returning a zero-length string, or random junk like @ or 2.3.dll, but sometimes raising:

ERROR: invalid byte sequence for encoding "UTF8": 0xec 0xa3

SELECT ST_AsX3D('LINESTRING EMPTY');

kills the client:

server closed the connection unexpectedly

This probably means the server terminated abnormally before or while processing the request.

The connection to the server was lost. Attempting reset: Failed. !>

Non-critical bugs with other geometry types will be filed in the next bug report…

Change History (5)

Owner: changed from pramsey to robe
Resolution: → fixed
Status: new → closed
