high
7.5
CWE
NVD-CWE-Other 89
Advisory Published
Updated

CVE-2006-2314: SQL Injection

First published: Wed May 24 2006(Updated: )

PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the "\" (backslash) byte 0x5c to be the trailing byte of a multibyte character, such as SJIS, BIG5, GBK, GB18030, and UHC, which cannot be handled correctly by a client that does not understand multibyte encodings, aka a second variant of "Encoding-Based SQL Injection." NOTE: it could be argued that this is a class of issue related to interaction errors between the client and PostgreSQL, but a CVE has been assigned since PostgreSQL is treating this as a preventative measure against this class of problem.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
PostgreSQL Common=8.0.7
PostgreSQL Common=8.0.2
PostgreSQL Common=7.3.3
PostgreSQL Common=7.3
PostgreSQL Common=8.1
PostgreSQL Common=7.4.1
PostgreSQL Common=7.3.9
PostgreSQL Common=7.3.10
PostgreSQL Common=8.1.3
PostgreSQL Common=7.4.6
PostgreSQL Common=7.4.11
PostgreSQL Common=8.0.3
PostgreSQL Common=7.4.7
PostgreSQL Common=7.3.11
PostgreSQL Common=7.4.3
PostgreSQL Common=7.3.6
PostgreSQL Common=7.4.9
PostgreSQL Common=7.4.5
PostgreSQL Common=7.3.8
PostgreSQL Common=7.4.8
PostgreSQL Common=8.0.6
PostgreSQL Common=7.4
PostgreSQL Common=7.4.4
PostgreSQL Common=7.3.13
PostgreSQL Common=8.0.1
PostgreSQL Common=7.3.2
PostgreSQL Common=7.3.5
PostgreSQL Common=7.4.12
PostgreSQL Common=7.3.12
PostgreSQL Common=8.1.1
PostgreSQL Common=7.3.14
PostgreSQL Common=7.3.1
PostgreSQL Common=7.4.10
PostgreSQL Common=8.0.4
PostgreSQL Common=8.0.5
PostgreSQL Common=7.3.7
PostgreSQL Common=7.4.2
PostgreSQL Common=8.0
PostgreSQL Common=7.3.4
PostgreSQL Common=8.1.2

Remedy

http://archives.postgresql.org/pgsql-announce/2006-05/msg00010.php

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2006-2314?

    CVE-2006-2314 is classified as a medium severity vulnerability that allows attackers to bypass SQL injection protections.

  • How do I fix CVE-2006-2314?

    To fix CVE-2006-2314, upgrade PostgreSQL to version 8.1.4, 8.0.8, 7.4.13, 7.3.15, or later.

  • Which PostgreSQL versions are affected by CVE-2006-2314?

    CVE-2006-2314 affects PostgreSQL versions 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, and earlier versions.

  • What type of attack can exploit CVE-2006-2314?

    CVE-2006-2314 can be exploited through SQL injection attacks, particularly in applications using multibyte encodings.

  • Are there any known workarounds for CVE-2006-2314?

    There are no recommended workarounds for CVE-2006-2314; patching is the primary method of mitigation.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203