Re: BUG #14998: XXS vulnerabilities in PostgreSQL 'utf8 4-byte truncation'

From: Andres Freund <andres(at)anarazel(dot)de>
To: ltthu2810(at)gmail(dot)com, pgsql-bugs(at)postgresql(dot)org
Subject: Re: BUG #14998: XXS vulnerabilities in PostgreSQL 'utf8 4-byte truncation'
Date: 2018-01-04 04:22:51
Message-ID: 20180104042251.d2yqmgbnlkf67nny@alap3.anarazel.de
Views: Whole Thread | Raw Message | Download mbox | Resend email
Thread:
Lists: pgsql-bugs

On 2018-01-04 04:19:19 +0000, PG Bug reporting form wrote:
> The following bug has been logged on the website:
>
> Bug reference: 14998
> Logged by: Thu Luu
> Email address: ltthu2810(at)gmail(dot)com
> PostgreSQL version: 9.6.2
> Operating system: CentOs 6.x
> Description:
>
> My application uses the Postgresql 9.6.2. But, when I use the tool to scan
> the vulnerabilities. There are some errors related to DB: 'MYSQL utf8 4-byte
> truncation'.
> Refer:
> https://www.acunetix.com/vulnerabilities/web/mysql-utf8-4-byte-truncation

Postgres is not mysql, and to my knowledge does not suffer from an
equivalent vulnerability. So this more looks like a weakness in your
scanning tool.

Greetings,

Andres Freund

In response to

Responses

Browse pgsql-bugs by date

  From Date Subject
Next Message Thu Luu 2018-01-04 08:11:19 Fwd: BUG #14998: XXS vulnerabilities in PostgreSQL 'utf8 4-byte truncation'
Previous Message PG Bug reporting form 2018-01-04 04:19:19 BUG #14998: XXS vulnerabilities in PostgreSQL 'utf8 4-byte truncation'