CVE-2006-2313

Name: CVE-2006-2313
Description: PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of "Encoding-Based SQL Injection."
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DSA-1087-1
NVD severity: high (attack range: remote)
Debian Bugs: 368645

The information below is based on the following data on fixed versions.

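| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| postgresql | source | (unstable) | 7.5.4 | high | | 368645 |
| postgresql | source | sarge | 7.4.7-6sarge2 | high | DSA-1087-1 | |
| postgresql-7.4 | source | (unstable) | 1:7.4.13-1 | high | | |
| postgresql-8.1 | source | (unstable) | 8.1.4-1 | high | | |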

Notes

Beginning with version 7.5.4, postgresql is a transition
package which does not contain actual code. That's why
it's marked as fixed here. (Previous versions are vulnerable.)
