VulnerableCode Package Details - pkg:generic/postgresql@7.4.13

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-knew-ww8s-aaam	CVE-2006-2313 security flaw	CVE-2006-2313
VCID-t2g8-v7u9-aaae	PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the "\" (backslash) byte 0x5c to be the trailing byte of a multibyte character, such as SJIS, BIG5, GBK, GB18030, and UHC, which cannot be handled correctly by a client that does not understand multibyte encodings, aka a second variant of "Encoding-Based SQL Injection." NOTE: it could be argued that this is a class of issue related to interaction errors between the client and PostgreSQL, but a CVE has been assigned since PostgreSQL is treating this as a preventative measure against this class of problem.	CVE-2006-2314

Vulnerability

Summary

Aliases

VCID-knew-ww8s-aaam

CVE-2006-2313 security flaw

CVE-2006-2313

VCID-t2g8-v7u9-aaae

PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the "\" (backslash) byte 0x5c to be the trailing byte of a multibyte character, such as SJIS, BIG5, GBK, GB18030, and UHC, which cannot be handled correctly by a client that does not understand multibyte encodings, aka a second variant of "Encoding-Based SQL Injection." NOTE: it could be argued that this is a class of issue related to interaction errors between the client and PostgreSQL, but a CVE has been assigned since PostgreSQL is treating this as a preventative measure against this class of problem.

CVE-2006-2314

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:42:24.940786+00:00	PostgreSQL Importer	Fixing	VCID-knew-ww8s-aaam	https://www.postgresql.org/support/security/CVE-2006-2313	36.0.0
2025-03-28T07:42:24.830196+00:00	PostgreSQL Importer	Fixing	VCID-t2g8-v7u9-aaae	https://www.postgresql.org/support/security/CVE-2006-2314	36.0.0
2024-09-18T01:54:28.228407+00:00	PostgreSQL Importer	Fixing	VCID-knew-ww8s-aaam	https://www.postgresql.org/support/security/CVE-2006-2313	34.0.1
2024-09-18T01:54:28.120225+00:00	PostgreSQL Importer	Fixing	VCID-t2g8-v7u9-aaae	https://www.postgresql.org/support/security/CVE-2006-2314	34.0.1
2024-01-03T22:23:02.734429+00:00	PostgreSQL Importer	Fixing	VCID-knew-ww8s-aaam	https://www.postgresql.org/support/security/CVE-2006-2313	34.0.0rc1
2024-01-03T22:23:02.614336+00:00	PostgreSQL Importer	Fixing	VCID-t2g8-v7u9-aaae	https://www.postgresql.org/support/security/CVE-2006-2314	34.0.0rc1