Описание
PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for "SELECT ST_AsX3D('LINESTRING EMPTY');" because empty geometries are mishandled.
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- ExploitThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- ExploitThird Party Advisory
Уязвимые конфигурации
Одно из
EPSS
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
Связанные уязвимости
PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for "SELECT ST_AsX3D('LINESTRING EMPTY');" because empty geometries are mishandled.
PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attac ...
PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for "SELECT ST_AsX3D('LINESTRING EMPTY');" because empty geometries are mishandled.
Уязвимость функции ST_AsX3D модуля обработки географических объектов в PostgreSQL PostGIS, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
7.5 High
CVSS3
5 Medium
CVSS2