cvedb.io
CVE-2017-18359
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2019-01-25T05:29:00.700 · Last modified 2026-06-17T01:12:41.013

Summary

PostGIS 2.x before 2.3.3, as used with PostgreSQL, allows remote attackers to cause a denial of service via crafted ST_AsX3D function input, as demonstrated by an abnormal server termination for "SELECT ST_AsX3D('LINESTRING EMPTY');" because empty geometries are mishandled.

Affected products

postgis — postgis

Does this affect you?

Add your gear to cvedb and we'll alert you only when postgis ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.