CVE-2006-2314

Name of the Vulnerable Software and Affected Versions PostgreSQL versions 8.1.x through 8.1.3 PostgreSQL versions 8.0.x through 8.0.7 PostgreSQL versions 7.4.x through 7.4.12 PostgreSQL versions 7.3.x through 7.3.14 PostgreSQL versions prior to 7.3.15

Description The issue allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings, such as SJIS, BIG5, GBK, GB18030, and UHC. This is due to the inability of clients that do not understand multibyte encodings to handle the "" (backslash) byte 0x5c correctly when it is the trailing byte of a multibyte character. The practice of escaping ASCII single quote "'" by turning it into "'" is unsafe when operating in these multibyte encodings.

Recommendations For PostgreSQL versions 8.1.x through 8.1.3, update to version 8.1.4 or later. For PostgreSQL versions 8.0.x through 8.0.7, update to version 8.0.8 or later. For PostgreSQL versions 7.4.x through 7.4.12, update to version 7.4.13 or later. For PostgreSQL versions 7.3.x through 7.3.14, update to version 7.3.15 or later. For PostgreSQL versions prior to 7.3.15, update to version 7.3.15 or later.