Thread: BUG #14998: XXS vulnerabilities in PostgreSQL 'utf8 4-byte truncation'
BUG #14998: XXS vulnerabilities in PostgreSQL 'utf8 4-byte truncation'
From
PG Bug reporting form
Date:
The following bug has been logged on the website:

Bug reference: 14998
Logged by: Thu Luu
Email address: ltthu2810@gmail.com
PostgreSQL version: 9.6.2
Operating system: CentOs 6.x
Description:

My application uses PostgreSQL 9.6.2. But when I use the tool to scan for vulnerabilities, there are some errors related to the DB: 'MYSQL utf8 4-byte truncation'.
Refer: https://www.acunetix.com/vulnerabilities/web/mysql-utf8-4-byte-truncation
Please help me to fix this. Thanks for your reading.
On 2018-01-04 04:19:19 +0000, PG Bug reporting form wrote:
> The following bug has been logged on the website:
>
> Bug reference: 14998
> Logged by: Thu Luu
> Email address: ltthu2810@gmail.com
> PostgreSQL version: 9.6.2
> Operating system: CentOs 6.x
> Description:
>
> My application uses the Postgresql 9.6.2. But, when I use the tool to scan
> the vulnerabilities. There are some errors related to DB: 'MYSQL utf8 4-byte
> truncation'.
> Refer:
> https://www.acunetix.com/vulnerabilities/web/mysql-utf8-4-byte-truncation

Postgres is not MySQL, and to my knowledge does not suffer from an equivalent vulnerability. So this looks more like a weakness in your scanning tool.

Greetings,

Andres Freund
Hi Andres,



My application uses PostgreSQL 9.6.2:

When we try inputting to my application as below:

The result:

=> That is the WordPress < 4.1.2 stored XSS vulnerability.
As far as I know, this error is fixed by using MySQL's strict mode. For PostgreSQL, can there be any other way?
We appreciate your help in this matter and look forward to hearing from you soon.
Thanks,
Thu Luu
On Thu, Jan 4, 2018 at 11:22 AM, Andres Freund <andres@anarazel.de> wrote:
On 2018-01-04 04:19:19 +0000, PG Bug reporting form wrote:
> The following bug has been logged on the website:
>
> Bug reference: 14998
> Logged by: Thu Luu
> Email address: ltthu2810@gmail.com
> PostgreSQL version: 9.6.2
> Operating system: CentOs 6.x
> Description:
>
> My application uses the Postgresql 9.6.2. But, when I use the tool to scan
> the vulnerabilities. There are some errors related to DB: 'MYSQL utf8 4-byte
> truncation'.
> Refer:
> https://www.acunetix.com/vulnerabilities/web/mysql-utf8-4-byte-truncation
Postgres is not mysql, and to my knowledge does not suffer from an
equivalent vulnerability. So this more looks like a weakness in your
scanning tool.
Greetings,
Andres Freund
Re: BUG #14998: XXS vulnerabilities in PostgreSQL 'utf8 4-byte truncation'
From
Sergei Kornilov
Date:
Hi!

I do not understand what your problem is. A UTF-8 character may be 4 bytes long by standard. PostgreSQL can store these characters. MySQL, for historical reasons, treats utf8 as at most 3-byte characters and is not fully Unicode compatible. In MySQL 5.5 the utf8mb4 charset was added, which is fully Unicode compatible and can store 4-byte characters (https://dev.mysql.com/doc/refman/5.5/en/charset-unicode-utf8mb4.html).

Discarding or correctly storing 4-byte symbols is not a vulnerability, just a historical error in MySQL.

PS: the given link is broken due to an outdated https cert.
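As an added example (not code from this thread, from PostgreSQL or from MySQL), the following Python script models the three behaviours the thread talks about: the legacy 3-byte MySQL utf8 charset silently keeping only the prefix before the first 4-byte character, MySQL strict mode (asked about in Thu Luu's reply) rejecting such a value instead, and a full-Unicode store such as PostgreSQL's UTF8 encoding or MySQL utf8mb4 returning the value unchanged. The store_* functions and the SAMPLE string are constructed assumptions, not reimplementations of either database; the round_trips check is the observation behind the replies above, and can be applied to a real column by inserting the sample and selecting it back.

```python
# Added example (not from the pgsql-bugs thread, PostgreSQL or MySQL):
# models how a database character set treats 4-byte UTF-8 characters.
# The store_* functions are constructed models of the behaviours the
# thread describes, not reimplementations of either database.


def utf8_byte_length(ch: str) -> int:
    """Number of bytes one code point occupies when encoded as UTF-8."""
    return len(ch.encode("utf-8"))


def store_legacy_mysql_utf8(value: str, strict: bool = False) -> str:
    """Model of MySQL's legacy 3-byte 'utf8' charset (assumption based on
    the thread). Non-strict mode keeps only the prefix before the first
    4-byte character; strict mode rejects the whole value instead."""
    for index, ch in enumerate(value):
        if utf8_byte_length(ch) == 4:
            if strict:
                raise ValueError(
                    f"U+{ord(ch):04X} at index {index} needs 4 bytes; "
                    "not representable in 3-byte utf8"
                )
            return value[:index]
    return value


def store_full_unicode(value: str) -> str:
    """Model of a store that accepts all of UTF-8 (PostgreSQL's UTF8
    encoding, MySQL utf8mb4): the value survives unchanged."""
    return value.encode("utf-8").decode("utf-8")


def round_trips(store, value: str) -> bool:
    """True when what comes back out of the store equals what went in.
    A silently truncating store fails this check; a rejecting store
    also fails it, but loudly, which is the safer of the two."""
    try:
        return store(value) == value
    except ValueError:
        return False


def strict_rejects(value: str) -> bool:
    """True when strict mode refuses the value rather than truncating it."""
    try:
        store_legacy_mysql_utf8(value, strict=True)
    except ValueError:
        return True
    return False


# Constructed sample: text with a 4-byte code point (U+1F600) in the middle.
# Everything after the 4-byte character is what a truncating store loses,
# which is why a value validated before storage can differ from what is read back.
SAMPLE = "before \U0001F600 after"


if __name__ == "__main__":
    print("byte lengths:", [utf8_byte_length(c) for c in "a\u00e9\u20ac\U0001F600"])
    print("legacy utf8 non-strict:", repr(store_legacy_mysql_utf8(SAMPLE)))
    print("legacy utf8 strict rejects:", strict_rejects(SAMPLE))
    print("full unicode:", repr(store_full_unicode(SAMPLE)))
    print("round-trips (full unicode):", round_trips(store_full_unicode, SAMPLE))
    print("round-trips (legacy utf8):", round_trips(store_legacy_mysql_utf8, SAMPLE))
```

Running it shows the non-strict legacy store returning only "before ", the strict store raising, and the full-Unicode store returning the sample intact. Against a real database the same comparison (insert SAMPLE into a text column, select it back, compare with the original) is the quickest way to confirm what Andres and Sergei state: a PostgreSQL database with UTF8 server encoding returns it unchanged.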