Lucene search

[email protected]NVD:CVE-2006-2314

HistoryMay 24, 2006 - 10:06 a.m.

CVE-2006-2314

2006-05-2410:06:00

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.012

Percentile

85.2%

JSON

PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the "" (backslash) byte 0x5c to be the trailing byte of a multibyte character, such as SJIS, BIG5, GBK, GB18030, and UHC, which cannot be handled correctly by a client that does not understand multibyte encodings, aka a second variant of “Encoding-Based SQL Injection.” NOTE: it could be argued that this is a class of issue related to interaction errors between the client and PostgreSQL, but a CVE has been assigned since PostgreSQL is treating this as a preventative measure against this class of problem.

Affected configurations

Nvd

Node

postgresqlpostgresqlMatch7.3

postgresqlpostgresqlMatch7.3.1

postgresqlpostgresqlMatch7.3.2

postgresqlpostgresqlMatch7.3.3

postgresqlpostgresqlMatch7.3.4

postgresqlpostgresqlMatch7.3.5

postgresqlpostgresqlMatch7.3.6

postgresqlpostgresqlMatch7.3.7

postgresqlpostgresqlMatch7.3.8

postgresqlpostgresqlMatch7.3.9

postgresqlpostgresqlMatch7.3.10

postgresqlpostgresqlMatch7.3.11

postgresqlpostgresqlMatch7.3.12

postgresqlpostgresqlMatch7.3.13

postgresqlpostgresqlMatch7.3.14

postgresqlpostgresqlMatch7.4

postgresqlpostgresqlMatch7.4.1

postgresqlpostgresqlMatch7.4.2

postgresqlpostgresqlMatch7.4.3

postgresqlpostgresqlMatch7.4.4

postgresqlpostgresqlMatch7.4.5

postgresqlpostgresqlMatch7.4.6

postgresqlpostgresqlMatch7.4.7

postgresqlpostgresqlMatch7.4.8

postgresqlpostgresqlMatch7.4.9

postgresqlpostgresqlMatch7.4.10

postgresqlpostgresqlMatch7.4.11

postgresqlpostgresqlMatch7.4.12

postgresqlpostgresqlMatch8.0

postgresqlpostgresqlMatch8.0.1

postgresqlpostgresqlMatch8.0.2

postgresqlpostgresqlMatch8.0.3

postgresqlpostgresqlMatch8.0.4

postgresqlpostgresqlMatch8.0.5

postgresqlpostgresqlMatch8.0.6

postgresqlpostgresqlMatch8.0.7

postgresqlpostgresqlMatch8.1

postgresqlpostgresqlMatch8.1.1

postgresqlpostgresqlMatch8.1.2

postgresqlpostgresqlMatch8.1.3

VendorProductVersionCPE
postgresqlpostgresql7.3cpe:2.3:a:postgresql:postgresql:7.3:*:*:*:*:*:*:*
postgresqlpostgresql7.3.1cpe:2.3:a:postgresql:postgresql:7.3.1:*:*:*:*:*:*:*
postgresqlpostgresql7.3.2cpe:2.3:a:postgresql:postgresql:7.3.2:*:*:*:*:*:*:*
postgresqlpostgresql7.3.3cpe:2.3:a:postgresql:postgresql:7.3.3:*:*:*:*:*:*:*
postgresqlpostgresql7.3.4cpe:2.3:a:postgresql:postgresql:7.3.4:*:*:*:*:*:*:*
postgresqlpostgresql7.3.5cpe:2.3:a:postgresql:postgresql:7.3.5:*:*:*:*:*:*:*
postgresqlpostgresql7.3.6cpe:2.3:a:postgresql:postgresql:7.3.6:*:*:*:*:*:*:*
postgresqlpostgresql7.3.7cpe:2.3:a:postgresql:postgresql:7.3.7:*:*:*:*:*:*:*
postgresqlpostgresql7.3.8cpe:2.3:a:postgresql:postgresql:7.3.8:*:*:*:*:*:*:*
postgresqlpostgresql7.3.9cpe:2.3:a:postgresql:postgresql:7.3.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
postgresql	postgresql	7.3	cpe:2.3:a:postgresql:postgresql:7.3:::::::*
postgresql	postgresql	7.3.1	cpe:2.3:a:postgresql:postgresql:7.3.1:::::::*
postgresql	postgresql	7.3.2	cpe:2.3:a:postgresql:postgresql:7.3.2:::::::*
postgresql	postgresql	7.3.3	cpe:2.3:a:postgresql:postgresql:7.3.3:::::::*
postgresql	postgresql	7.3.4	cpe:2.3:a:postgresql:postgresql:7.3.4:::::::*
postgresql	postgresql	7.3.5	cpe:2.3:a:postgresql:postgresql:7.3.5:::::::*
postgresql	postgresql	7.3.6	cpe:2.3:a:postgresql:postgresql:7.3.6:::::::*
postgresql	postgresql	7.3.7	cpe:2.3:a:postgresql:postgresql:7.3.7:::::::*
postgresql	postgresql	7.3.8	cpe:2.3:a:postgresql:postgresql:7.3.8:::::::*
postgresql	postgresql	7.3.9	cpe:2.3:a:postgresql:postgresql:7.3.9:::::::*