PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the (backslash) byte 0x5c to be the trailing byte of a multibyte character, such as SJIS, BIG5, GBK, GB18030, and UHC, which cannot be handled correctly by a client that does not understand multibyte encodings, aka a second variant of Encoding-Based SQL Injection. NOTE: it could be argued that this is a class of issue related to interaction errors between the client and PostgreSQL, but a CVE has been assigned since PostgreSQL is treating this as a preventative measure against this class of problem.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Postgresql | Postgresql | 7.3 (including) | 7.3 (including) |
Postgresql | Postgresql | 7.3.1 (including) | 7.3.1 (including) |
Postgresql | Postgresql | 7.3.2 (including) | 7.3.2 (including) |
Postgresql | Postgresql | 7.3.3 (including) | 7.3.3 (including) |
Postgresql | Postgresql | 7.3.4 (including) | 7.3.4 (including) |
Postgresql | Postgresql | 7.3.5 (including) | 7.3.5 (including) |
Postgresql | Postgresql | 7.3.6 (including) | 7.3.6 (including) |
Postgresql | Postgresql | 7.3.7 (including) | 7.3.7 (including) |
Postgresql | Postgresql | 7.3.8 (including) | 7.3.8 (including) |
Postgresql | Postgresql | 7.3.9 (including) | 7.3.9 (including) |
Postgresql | Postgresql | 7.3.10 (including) | 7.3.10 (including) |
Postgresql | Postgresql | 7.3.11 (including) | 7.3.11 (including) |
Postgresql | Postgresql | 7.3.12 (including) | 7.3.12 (including) |
Postgresql | Postgresql | 7.3.13 (including) | 7.3.13 (including) |
Postgresql | Postgresql | 7.3.14 (including) | 7.3.14 (including) |
Postgresql | Postgresql | 7.4 (including) | 7.4 (including) |
Postgresql | Postgresql | 7.4.1 (including) | 7.4.1 (including) |
Postgresql | Postgresql | 7.4.2 (including) | 7.4.2 (including) |
Postgresql | Postgresql | 7.4.3 (including) | 7.4.3 (including) |
Postgresql | Postgresql | 7.4.4 (including) | 7.4.4 (including) |
Postgresql | Postgresql | 7.4.5 (including) | 7.4.5 (including) |
Postgresql | Postgresql | 7.4.6 (including) | 7.4.6 (including) |
Postgresql | Postgresql | 7.4.7 (including) | 7.4.7 (including) |
Postgresql | Postgresql | 7.4.8 (including) | 7.4.8 (including) |
Postgresql | Postgresql | 7.4.9 (including) | 7.4.9 (including) |
Postgresql | Postgresql | 7.4.10 (including) | 7.4.10 (including) |
Postgresql | Postgresql | 7.4.11 (including) | 7.4.11 (including) |
Postgresql | Postgresql | 7.4.12 (including) | 7.4.12 (including) |
Postgresql | Postgresql | 8.0 (including) | 8.0 (including) |
Postgresql | Postgresql | 8.0.1 (including) | 8.0.1 (including) |
Postgresql | Postgresql | 8.0.2 (including) | 8.0.2 (including) |
Postgresql | Postgresql | 8.0.3 (including) | 8.0.3 (including) |
Postgresql | Postgresql | 8.0.4 (including) | 8.0.4 (including) |
Postgresql | Postgresql | 8.0.5 (including) | 8.0.5 (including) |
Postgresql | Postgresql | 8.0.6 (including) | 8.0.6 (including) |
Postgresql | Postgresql | 8.0.7 (including) | 8.0.7 (including) |
Postgresql | Postgresql | 8.1 (including) | 8.1 (including) |
Postgresql | Postgresql | 8.1.1 (including) | 8.1.1 (including) |
Postgresql | Postgresql | 8.1.2 (including) | 8.1.2 (including) |
Postgresql | Postgresql | 8.1.3 (including) | 8.1.3 (including) |
Red Hat Enterprise Linux 3 | RedHat | rh-postgresql-0:7.3.15-2 | * |
Red Hat Enterprise Linux 4 | RedHat | postgresql-0:7.4.13-2.RHEL4.1 | * |
Dovecot | Ubuntu | dapper | * |
Dovecot | Ubuntu | devel | * |
Dovecot | Ubuntu | edgy | * |
Dovecot | Ubuntu | feisty | * |
Exim4 | Ubuntu | dapper | * |
Exim4 | Ubuntu | edgy | * |
Exim4 | Ubuntu | feisty | * |
Postfix | Ubuntu | dapper | * |
Postgresql-7.4 | Ubuntu | dapper | * |
Postgresql-7.4 | Ubuntu | edgy | * |
Postgresql-8.1 | Ubuntu | dapper | * |
Postgresql-8.1 | Ubuntu | devel | * |
Postgresql-8.1 | Ubuntu | edgy | * |
Postgresql-8.1 | Ubuntu | feisty | * |
Postgresql-8.2 | Ubuntu | devel | * |
Postgresql-8.2 | Ubuntu | feisty | * |
Psycopg | Ubuntu | dapper | * |
Psycopg | Ubuntu | devel | * |
Psycopg | Ubuntu | edgy | * |
Psycopg | Ubuntu | feisty | * |
Psycopg2 | Ubuntu | devel | * |
Psycopg2 | Ubuntu | edgy | * |
Psycopg2 | Ubuntu | feisty | * |
Pygresql | Ubuntu | dapper | * |
Pygresql | Ubuntu | devel | * |
Pygresql | Ubuntu | edgy | * |
Pygresql | Ubuntu | feisty | * |
Python-pgsql | Ubuntu | dapper | * |
Python-pgsql | Ubuntu | devel | * |
Python-pgsql | Ubuntu | edgy | * |
Python-pgsql | Ubuntu | feisty | * |