CVE-2006-2314

Published: 24/05/2006 Updated: 18/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

PostgreSQL 8.1.x prior to 8.1.4, 8.0.x prior to 8.0.8, 7.4.x prior to 7.4.13, 7.3.x prior to 7.3.15, and previous versions allows context-dependent malicious users to bypass SQL injection protection methods in applications that use multibyte encodings that allow the "\" (backslash) byte 0x5c to be the trailing byte of a multibyte character, such as SJIS, BIG5, GBK, GB18030, and UHC, which cannot be handled correctly by a client that does not understand multibyte encodings, aka a second variant of "Encoding-Based SQL Injection." NOTE: it could be argued that this is a class of issue related to interaction errors between the client and PostgreSQL, but a CVE has been assigned since PostgreSQL is treating this as a preventative measure against this class of problem.

Vulnerable Product

postgresql postgresql 7.3

postgresql postgresql 7.3.1

postgresql postgresql 7.3.3

postgresql postgresql 7.3.4

postgresql postgresql 7.4.1

postgresql postgresql 7.4.10

postgresql postgresql 7.4.7

postgresql postgresql 7.4.8

postgresql postgresql 8.0.5

postgresql postgresql 8.0.6

postgresql postgresql 7.3.14

postgresql postgresql 7.3.2

postgresql postgresql 7.3.10

postgresql postgresql 7.3.9

postgresql postgresql 7.4

postgresql postgresql 7.4.5

postgresql postgresql 7.4.6

postgresql postgresql 8.0.3

postgresql postgresql 8.0.4

postgresql postgresql 8.1.3

postgresql postgresql 7.3.11

postgresql postgresql 7.3.5

postgresql postgresql 7.3.6

postgresql postgresql 7.4.11

postgresql postgresql 7.4.12

postgresql postgresql 7.4.2

postgresql postgresql 7.4.9

postgresql postgresql 8.0

postgresql postgresql 8.0.7

postgresql postgresql 8.1

postgresql postgresql 7.3.12

postgresql postgresql 7.3.13

postgresql postgresql 7.3.7

postgresql postgresql 7.3.8

postgresql postgresql 7.4.3

postgresql postgresql 7.4.4

postgresql postgresql 8.0.1

postgresql postgresql 8.0.2

postgresql postgresql 8.1.1

postgresql postgresql 8.1.2

Vendor Advisories

Debian Bug report logs - #368645 CVE-2006-2313, CVE-2006-2314: encoding conflicts. Package: postgresql; Maintainer for postgresql is Debian PostgreSQL Maintainers <team+postgresql@tracker.debian.org>; Source for postgresql is src:postgresql-common. Reported by: Florian Weimer <fw@deneb.enyo.de> Da ...

Several encoding problems have been discovered in PostgreSQL, a popular SQL database. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2006-2313 Akio Ishida and Yasuo Ohgaki discovered a weakness in the handling of invalidly-encoded multibyte text data which could allow an attacker to inject arbit ...

CVE-2006-2313: Akio Ishida and Yasuo Ohgaki discovered a weakness in the handling of invalidly-encoded multibyte text data. If a client application processed untrusted input without respecting its encoding and applied standard string escaping techniques (such as replacing a single quote >>‘<< with >>\’<< or &gt ...

USN-288-1 described a PostgreSQL client vulnerability in the way the >>‘<< character is escaped in SQL queries. It was determined that the PostgreSQL backends of Exim, Dovecot, and Postfix used this unsafe escaping method ...

USN-288-1 fixed two vulnerabilities in Ubuntu 5.04 and Ubuntu 5.10. This update fixes the same vulnerabilities for Ubuntu 6.06 LTS ...

References

NVD-CWE-Other
http://archives.postgresql.org/pgsql-announce/2006-05/msg00010.php
http://www.postgresql.org/docs/techdocs.50
http://www.redhat.com/support/errata/RHSA-2006-0526.html
http://secunia.com/advisories/20231
http://secunia.com/advisories/20232
http://www.securityfocus.com/bid/18092
http://securitytracker.com/id?1016142
http://secunia.com/advisories/20314
http://www.debian.org/security/2006/dsa-1087
http://www.trustix.org/errata/2006/0032/
http://www.osvdb.org/25731
http://secunia.com/advisories/20435
http://secunia.com/advisories/20451
http://secunia.com/advisories/20503
http://lists.suse.com/archive/suse-security-announce/2006-Jun/0002.html
http://secunia.com/advisories/20555
ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc
http://secunia.com/advisories/20782
http://www.ubuntu.com/usn/usn-288-2
http://www.ubuntu.com/usn/usn-288-3
http://security.gentoo.org/glsa/glsa-200607-04.xml
http://secunia.com/advisories/21001
http://www.novell.com/linux/security/advisories/2006_21_sr.html
http://secunia.com/advisories/21749
http://support.avaya.com/elmodocs2/security/ASA-2006-113.htm
http://secunia.com/advisories/20653
http://www.mandriva.com/security/advisories?name=MDKSA-2006:098
http://www.vupen.com/english/advisories/2006/1941
https://exchange.xforce.ibmcloud.com/vulnerabilities/26628
https://exchange.xforce.ibmcloud.com/vulnerabilities/26627
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9947
https://usn.ubuntu.com/288-1/
http://www.securityfocus.com/archive/1/435161/100/0/threaded
http://www.securityfocus.com/archive/1/435038/100/0/threaded
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=368645
https://nvd.nist.gov
https://www.debian.org/security/./dsa-1087