An attacker able to submit crafted strings to an application that will embed those strings in SQL commands can use invalidly-encoded multibyte characters to bypass standard string-escaping methods, resulting in possible SQL injection.
For more information about PostgreSQL versioning,
please visit the versioning page.
Reporting Security Vulnerabilities
If you wish to report a new security vulnerability in PostgreSQL, please
send an email to
For reporting non-security bugs, please see the Report a Bug page.