CVE-2006-2314

Priority
Description
PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13,
7.3.x before 7.3.15, and earlier versions allows context-dependent
attackers to bypass SQL injection protection methods in applications that
use multibyte encodings that allow the "\" (backslash) byte 0x5c to be the
trailing byte of a multibyte character, such as SJIS, BIG5, GBK, GB18030,
and UHC, which cannot be handled correctly by a client that does not
understand multibyte encodings, aka a second variant of "Encoding-Based SQL
Injection." NOTE: it could be argued that this is a class of issue related
to interaction errors between the client and PostgreSQL, but a CVE has been
assigned since PostgreSQL is treating this as a preventative measure
against this class of problem.
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Source: exim4 (LP Ubuntu Debian)
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Source: php5 (LP Ubuntu Debian)
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Updated: 2019-03-19 11:39:05 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)