VYPR
Unrated severityNVD Advisory· Published May 24, 2006· Updated Jun 16, 2026

CVE-2006-2314

CVE-2006-2314

Description

PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the "\" (backslash) byte 0x5c to be the trailing byte of a multibyte character, such as SJIS, BIG5, GBK, GB18030, and UHC, which cannot be handled correctly by a client that does not understand multibyte encodings, aka a second variant of "Encoding-Based SQL Injection." NOTE: it could be argued that this is a class of issue related to interaction errors between the client and PostgreSQL, but a CVE has been assigned since PostgreSQL is treating this as a preventative measure against this class of problem.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

41
  • cpe:2.3:a:postgresql:postgresql:7.3:*:*:*:*:*:*:*+ 40 more
    • cpe:2.3:a:postgresql:postgresql:7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:7.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:7.3.10:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:7.3.11:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:7.3.12:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:7.3.13:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:7.3.14:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:7.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:7.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:7.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:7.3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:7.3.6:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:7.3.7:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:7.3.8:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:7.3.9:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:7.4:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:7.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:7.4.10:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:7.4.11:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:7.4.12:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:7.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:7.4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:7.4.4:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:7.4.5:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:7.4.6:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:7.4.7:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:7.4.8:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:7.4.9:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.0.2:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.0.3:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.0.5:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.0.6:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.0.7:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:postgresql:postgresql:8.1.3:*:*:*:*:*:*:*
    • (no CPE)range: <8.1.4, <8.0.8, <7.4.13, <7.3.15

Patches

Vulnerability mechanics

References

34

News mentions

0

No linked articles in our index yet.