Subject: Re: [boost] [Locale] Security bug announcement - UTF-8 validation
From: Mathias Gaunard (mathias.gaunard_at_[hidden])
Date: 2013-01-04 11:23:09
On 04/01/13 16:00, Jookia wrote:
> Pardon my ignorance, but how would an invalid UTF-8 sequence cause a
> security threat? All I can think it would do is create garbage.
Different software treat malformed UTF-8 sequences differently. One
piece of software may consider that the sequence contains some special
characters while others might not.
This can be used for SQL injection among others.