PREQUEL-2025-0084
PostgreSQL unsupported Unicode escape sequence error
Severity: Medium
Impact: 7/10
Mitigation: 4/10
Description
The application encounters errors when PostgreSQL attempts to process strings containing invalid or unsupported Unicode escape sequences. This commonly occurs in applications using psycopg2 to interact with PostgreSQL databases, resulting in queries failing with "unsupported Unicode escape sequence" errors. The underlying issue is that PostgreSQL's string parser interprets escape sequences such as '\uXXXX' according to the Unicode standard and rejects any sequence that is malformed or incomplete.
Mitigation
- Use parameterized queries or prepared statements to avoid SQL string interpolation issues
- Escape backslashes in string literals by doubling them (e.g., '\\u' instead of '\u')
- For literal string representation in PostgreSQL, use the E'' string syntax with proper escaping
- When handling file paths or strings with potential backslashes, either replace them with forward slashes or ensure they're properly escaped
- Set standard_conforming_strings=on in PostgreSQL configuration (default in modern versions)
- For bulk data imports, preprocess the data to escape or remove problematic sequences
- When working with Django and psycopg2, wrap critical database operations in try-except blocks that specifically catch DataError and handle the issue gracefully
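A pre-flight check for the bulk-import and backslash-escaping mitigations above, written as an added example for this entry (not code from the page or from Prequel): it flags the '\u' sequences PostgreSQL's escape parsers reject so data can be fixed before import, and doubles backslashes for the E'' and JSON cases. The function names and sample strings are constructed.

```python
"""Pre-flight check for strings headed into PostgreSQL (added example; assumed names).

PostgreSQL's escape parsers (E'...' literals and JSON/jsonb text) reject three
kinds of '\\u' sequence: fewer than four hex digits, \\u0000 (NUL cannot be
stored in text), and UTF-16 surrogates that are not a proper high/low pair.
Run bad_unicode_escapes() on raw data BEFORE escape_backslashes(), which would
otherwise neutralise every escape and hide the problem.
"""
import re

# Backslash, 'u', then up to four hex digits; shorter runs are caught as malformed.
_U_ESCAPE = re.compile(r"\\u([0-9A-Fa-f]{0,4})")


def bad_unicode_escapes(text: str) -> list:
    """Return the '\\u...' fragments that PostgreSQL would refuse, in order."""
    bad = []
    matches = list(_U_ESCAPE.finditer(text))
    i = 0
    while i < len(matches):
        m = matches[i]
        digits = m.group(1)
        if len(digits) != 4:
            bad.append(m.group(0))          # malformed: not \uXXXX
        else:
            cp = int(digits, 16)
            if cp == 0:
                bad.append(m.group(0))      # NUL is never storable in text
            elif 0xD800 <= cp <= 0xDBFF:    # high surrogate: needs a low one right after
                nxt = matches[i + 1] if i + 1 < len(matches) else None
                paired = (nxt is not None and nxt.start() == m.end()
                          and len(nxt.group(1)) == 4
                          and 0xDC00 <= int(nxt.group(1), 16) <= 0xDFFF)
                if paired:
                    i += 1                  # consume the low surrogate as well
                else:
                    bad.append(m.group(0))
            elif 0xDC00 <= cp <= 0xDFFF:    # low surrogate with no high one before it
                bad.append(m.group(0))
        i += 1
    return bad


def escape_backslashes(text: str) -> str:
    """Double backslashes so E'...' and JSON keep them literal ('\\u' -> '\\\\u').

    Not needed for plain '...' literals when standard_conforming_strings=on,
    and never needed when the value is passed as a query parameter.
    """
    return text.replace("\\", "\\\\")


if __name__ == "__main__":
    sample = "C:\\tmp\\u0041 \\u0000 \\ud83d\\ude00 \\ud83d \\u12"   # constructed input
    print(bad_unicode_escapes(sample))   # ['\\u0000', '\\ud83d', '\\u12']
    print(escape_backslashes("C:\\u1"))  # C:\\u1
```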