CVE-2006-2313

Published: May 24, 2006Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of "Encoding-Based SQL Injection."

Affected (40)

Products: Postgresql: Postgresql

Postgresql

1 product

Postgresql

Configuration A

40 vulnerable

Vulnerable Software	Affected Versions
Postgresql Postgresql	Version 7.3.10
Postgresql Postgresql	Version 7.3.11
Postgresql Postgresql	Version 7.3.12
Postgresql Postgresql	Version 7.3.13
Postgresql Postgresql	Version 7.3.14
Postgresql Postgresql	Version 7.3.1
Postgresql Postgresql	Version 7.3.2
Postgresql Postgresql	Version 7.3.3
Postgresql Postgresql	Version 7.3.4
Postgresql Postgresql	Version 7.3.5
Postgresql Postgresql	Version 7.3.6
Postgresql Postgresql	Version 7.3.7
Postgresql Postgresql	Version 7.3.8
Postgresql Postgresql	Version 7.3.9
Postgresql Postgresql	Version 7.3
Postgresql Postgresql	Version 7.4.10
Postgresql Postgresql	Version 7.4.11
Postgresql Postgresql	Version 7.4.12
Postgresql Postgresql	Version 7.4.1
Postgresql Postgresql	Version 7.4.2
Postgresql Postgresql	Version 7.4.3
Postgresql Postgresql	Version 7.4.4
Postgresql Postgresql	Version 7.4.5
Postgresql Postgresql	Version 7.4.6
Postgresql Postgresql	Version 7.4.7
Postgresql Postgresql	Version 7.4.8
Postgresql Postgresql	Version 7.4.9
Postgresql Postgresql	Version 7.4
Postgresql Postgresql	Version 8.0.1
Postgresql Postgresql	Version 8.0.2
Postgresql Postgresql	Version 8.0.3
Postgresql Postgresql	Version 8.0.4
Postgresql Postgresql	Version 8.0.5
Postgresql Postgresql	Version 8.0.6
Postgresql Postgresql	Version 8.0.7
Postgresql Postgresql	Version 8.0
Postgresql Postgresql	Version 8.1.1
Postgresql Postgresql	Version 8.1.2
Postgresql Postgresql	Version 8.1.3
Postgresql Postgresql	Version 8.1

References (58)

ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc (unsafe URL)

Source: cve@mitre.org

http://archives.postgresql.org/pgsql-announce/2006-05/msg00010.php

Source: cve@mitre.org

Patch

http://lists.suse.com/archive/suse-security-announce/2006-Jun/0002.html

Source: cve@mitre.org

http://secunia.com/advisories/20231

Source: cve@mitre.org

http://secunia.com/advisories/20232

Source: cve@mitre.org

http://secunia.com/advisories/20314

Source: cve@mitre.org

http://secunia.com/advisories/20435

Source: cve@mitre.org

http://secunia.com/advisories/20451

Source: cve@mitre.org

http://secunia.com/advisories/20503

Source: cve@mitre.org

http://secunia.com/advisories/20555

Source: cve@mitre.org

http://secunia.com/advisories/20653

Source: cve@mitre.org

http://secunia.com/advisories/20782

Source: cve@mitre.org

http://secunia.com/advisories/21001

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200607-04.xml

Source: cve@mitre.org

http://securitytracker.com/id?1016142

Source: cve@mitre.org

http://support.avaya.com/elmodocs2/security/ASA-2006-113.htm

Source: cve@mitre.org

http://www.debian.org/security/2006/dsa-1087

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDKSA-2006:098

Source: cve@mitre.org

http://www.postgresql.org/docs/techdocs.50

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2006-0526.html

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/435038/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/435161/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/18092

Source: cve@mitre.org

http://www.trustix.org/errata/2006/0032/

Source: cve@mitre.org

http://www.ubuntu.com/usn/usn-288-2

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2006/1941

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/26627

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10618

Source: cve@mitre.org

https://usn.ubuntu.com/288-1/

Source: cve@mitre.org

ftp://patches.sgi.com/support/free/security/advisories/20060602-01-U.asc (unsafe URL)