CVE-2002-0802
PostgreSQL 6.5.x - SQL Injection via Multibyte Character Processing
Title source: llmDescription
The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks.
References (3)
Core 3
Core References
Mailing List x_refsource_misc
http://marc.info/?l=postgresql-general&m=102032794322362
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2002-149.html
Third Party Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/10328.php
Scores
EPSS
0.0037
EPSS Percentile
59.2%
Details
Status
published
Products (1)
postgresql/postgresql
6.5.0
Published
Aug 12, 2002
Tracked Since
Feb 18, 2026