143 matches found
CVE-2026-60082 DBI versions before 1.651 for Perl do not enforce statement handle consistency with the row
DBI versions before 1.651 for Perl do not enforce statement handle consistency with the row. When the statement handle had no fields but the source row was non-empty, the internal row-buffer helper would read from a negative array index. This could be triggered by a caller supplying inconsistent...
CVE-2026-15043
DBI::SQL::Nano versions from 1.42 before 1.651 for Perl have inverted = SQL operators on text. DBI::SQL::Nano, DBI's built-in mini-SQL engine, evaluated WHERE predicates incorrectly in some cases. In the non-numeric string branch of the ismatched method, = was evaluated using Perl's le operator...
CVE-2026-15043
CVE-2026-15043 affects DBI::SQL::Nano (versions 1.42–1.650.x) for Perl. In the non-numeric string branch of is_matched, the = with Perl's le, causing inverted = comparisons in WHERE predicates. This occurs in the fallback SQL engine used by DBI's file-backed drivers (e.g., DBD::File, DBD::DBM, CS...
DBI: DBI: Buffer overflow in error handling can lead to arbitrary code execution
A flaw was found in DBI, a Perl database interface. This vulnerability allows an attacker to trigger a buffer overflow by manipulating error messages within an application. When specific error handling options are active, an attacker can provide oversized error text, which may lead to arbitrary...
RHSA-2026:38513 Red Hat Security Advisory: perl-DBI security update
Bulletin has no description...
DBI: DBI: Buffer overflow in error handling can lead to arbitrary code execution
A flaw was found in DBI, a Perl database interface. This vulnerability allows an attacker to trigger a buffer overflow by manipulating error messages within an application. When specific error handling options are active, an attacker can provide oversized error text, which may lead to arbitrary...
DBI: DBI: Buffer overflow in error handling can lead to arbitrary code execution
A flaw was found in DBI, a Perl database interface. This vulnerability allows an attacker to trigger a buffer overflow by manipulating error messages within an application. When specific error handling options are active, an attacker can provide oversized error text, which may lead to arbitrary...
CVE-2026-10879
A flaw was found in perl-DBI. A heap overflow vulnerability exists when preparsing SQL statements with more than 9 binders. The preparse method incorrectly allocates buffer space for SQL placeholder characters, leading to an overflow when processing binders with two or more digits. This can resul...
[SECURITY] Fedora 44 Update: perl-DBI-1.650-1.fc44
DBI is a database access Application Programming Interface API for the Perl Language. The DBI API Specification defines a set of functions, variables and conventions that provide a consistent database interface independent of the actual database being used...
Linux Distros Unpatched Vulnerability : CVE-2026-14740
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment. The preparse method normalises SQL and removes...
Linux Distros Unpatched Vulnerability : CVE-2026-14739
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders. The fix for CVE-2026-10879 did no...
DEBIAN-CVE-2026-14739
DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders. The fix for CVE-2026-10879 did not allocate enough memory to handle approximately 1.2-million placeholders. DBI version 1.650 sets a hard limit of 99,999 placeholders...
CVE-2026-14739
DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders. The fix for CVE-2026-10879 did not allocate enough memory to handle approximately 1.2-million placeholders. DBI version 1.650 sets a hard limit of 99,999 placeholders...
CVE-2026-14380
DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package...
CVE-2026-14740
DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment. The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byt...
CVE-2026-14740
DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment. The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byt...
CVE-2026-14740 DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment
DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment. The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byt...
CVE-2026-14740 DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment
DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment. The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byt...
CVE-2026-14739 DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders
DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders. The fix for CVE-2026-10879 did not allocate enough memory to handle approximately 1.2-million placeholders. DBI version 1.650 sets a hard limit of 99,999 placeholders...
CVE-2026-14739 DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders
DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders. The fix for CVE-2026-10879 did not allocate enough memory to handle approximately 1.2-million placeholders. DBI version 1.650 sets a hard limit of 99,999 placeholders...