CVE-2006-2313

Published: 24/05/2006 Updated: 18/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

PostgreSQL 8.1.x prior to 8.1.4, 8.0.x prior to 8.0.8, 7.4.x prior to 7.4.13, 7.3.x prior to 7.3.15, and earlier versions allow context-dependent malicious users to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of "Encoding-Based SQL Injection."

Vulnerable Product

postgresql postgresql 7.3

postgresql postgresql 7.3.2

postgresql postgresql 7.3.3

postgresql postgresql 7.4.1

postgresql postgresql 7.4.10

postgresql postgresql 7.4.6

postgresql postgresql 7.4.7

postgresql postgresql 8.0.4

postgresql postgresql 8.0.5

postgresql postgresql 7.3.13

postgresql postgresql 7.3.14

postgresql postgresql 7.3.8

postgresql postgresql 7.3.9

postgresql postgresql 7.4

postgresql postgresql 7.4.4

postgresql postgresql 7.4.5

postgresql postgresql 8.0.2

postgresql postgresql 8.0.3

postgresql postgresql 8.1.3

postgresql postgresql 7.3.1

postgresql postgresql 7.3.10

postgresql postgresql 7.3.4

postgresql postgresql 7.3.5

postgresql postgresql 7.4.11

postgresql postgresql 7.4.12

postgresql postgresql 7.4.8

postgresql postgresql 7.4.9

postgresql postgresql 8.0.6

postgresql postgresql 8.0.7

postgresql postgresql 7.3.11

postgresql postgresql 7.3.12

postgresql postgresql 7.3.6

postgresql postgresql 7.3.7

postgresql postgresql 7.4.2

postgresql postgresql 7.4.3

postgresql postgresql 8.0

postgresql postgresql 8.0.1

postgresql postgresql 8.1

postgresql postgresql 8.1.1

postgresql postgresql 8.1.2

Vendor Advisories

Debian Bug report logs - #368645 CVE-2006-2313, CVE-2006-2314: encoding conflicts. Package: postgresql; Maintainer for postgresql is Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>; Source for postgresql is src:postgresql-common (PTS, buildd, popcon). Reported by: Florian Weimer <fw@deneb.enyo.de> Da ...

Several encoding problems have been discovered in PostgreSQL, a popular SQL database. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-2313: Akio Ishida and Yasuo Ohgaki discovered a weakness in the handling of invalidly-encoded multibyte text data which could allow an attacker to inject arbit ...

CVE-2006-2313: Akio Ishida and Yasuo Ohgaki discovered a weakness in the handling of invalidly-encoded multibyte text data. If a client application processed untrusted input without respecting its encoding and applied standard string escaping techniques (such as replacing a single quote >>'<< with >>\'<< or &gt ...

USN-288-1 described a PostgreSQL client vulnerability in the way the >>'<< character is escaped in SQL queries. It was determined that the PostgreSQL backends of Exim, Dovecot, and Postfix used this unsafe escaping method ...

USN-288-1 fixed two vulnerabilities in Ubuntu 5.04 and Ubuntu 5.10. This update fixes the same vulnerabilities for Ubuntu 6.06 LTS ...

References

NVD-CWE-Other
http://archives.postgresql.org/pgsql-announce/2006-05/msg00010.php
http://www.postgresql.org/docs/techdocs.50
http://www.redhat.com/support/errata/RHSA-2006-0526.html
http://secunia.com/advisories/20231
http://secunia.com/advisories/20232
http://www.securityfocus.com/bid/18092
http://securitytracker.com/id?1016142
http://secunia.com/advisories/20314
http://www.debian.org/security/2006/dsa-1087
http://www.trustix.org/errata/2006/0032/
http://secunia.com/advisories/20435
http://secunia.com/advisories/20451
http://secunia.com/advisories/20503
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0002.html
http://secunia.com/advisories/20555
ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc
http://secunia.com/advisories/20782
http://www.ubuntu.com/usn/usn-288-2
http://security.gentoo.org/glsa/glsa-200607-04.xml
http://secunia.com/advisories/21001
http://support.avaya.com/elmodocs2/security/ASA-2006-113.htm
http://secunia.com/advisories/20653
http://www.mandriva.com/security/advisories?name=MDKSA-2006:098
http://www.vupen.com/english/advisories/2006/1941
https://exchange.xforce.ibmcloud.com/vulnerabilities/26627
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10618
https://usn.ubuntu.com/288-1/
http://www.securityfocus.com/archive/1/435161/100/0/threaded
http://www.securityfocus.com/archive/1/435038/100/0/threaded
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=368645
https://nvd.nist.gov
https://www.debian.org/security/./dsa-1087