71 matches found
Linux Distros Unpatched Vulnerability : CVE-2026-14739
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders. The fix for CVE-2026-10879 did no...
CVE-2026-14739
DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders. The fix for CVE-2026-10879 did not allocate enough memory to handle approximately 1.2-million placeholders. DBI version 1.650 sets a hard limit of 99,999 placeholders...
CVE-2026-14740
DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment. The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byt...
CVE-2026-14740
DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment. The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byt...
CVE-2026-14740 DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment
DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment. The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byt...
CVE-2026-14380
DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a string eval with no validation of the package...
PT-2026-56273
Name of the Vulnerable Software and Affected Versions DBI versions prior to 1.650 Description A heap overflow occurs when preparsing SQL statements that contain an extreme number of placeholders. This happens because insufficient memory was allocated to handle approximately 1.2 million...
PT-2026-56272
Name of the Vulnerable Software and Affected Versions DBI versions prior to 1.650 Description Code injection is possible via a caller-influenced Profile attribute. When a string is assigned to this attribute, the software splits it into path, package, and arguments, then interpolates the package...
SUSE-SU-2026:2749-1 Security update for perl-DBI
This update for perl-DBI fixes the following issues - CVE-2026-9698: DBI versions before 1.648 for Perl saved errors in a limited-sized buffer bsc1267957. - CVE-2026-10879: SQL statements with more than 9 binders can cause an heap overflow bsc1267849...
[SECURITY] Fedora 44 Update: perl-DBI-1.648-1.fc44
DBI is a database access Application Programming Interface API for the Perl Language. The DBI API Specification defines a set of functions, variables and conventions that provide a consistent database interface independent of the actual database being used...
USN-8466-1: Perl DBI module vulnerabilities
It was discovered that the Perl DBI module incorrectly handled certain error messages. An attacker could use this issue to cause applications using the Perl DBI module to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2026-9698 It was discovered that the Perl DBI...
USN-8466-1 libdbi-perl vulnerabilities
It was discovered that the Perl DBI module incorrectly handled certain error messages. An attacker could use this issue to cause applications using the Perl DBI module to crash, resulting in a denial of service, or possibly execute arbitrary code. CVE-2026-9698 It was discovered that the Perl DBI...
OPENSUSE-SU-2026:21029-1 Security update for perl-DBI
This update for perl-DBI fixes the following issues - CVE-2026-9698: DBI versions before 1.648 for Perl saved errors in a limited-sized buffer bsc1267957. - CVE-2026-10879: SQL statements with more than 9 binders can cause an heap overflow bsc1267849...
Amazon Linux 2 : perl-DBI, --advisory ALAS2-2026-3361 (ALAS-2026-3361)
The version of perl-DBI installed on the remote host is prior to 1.627-4. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2026-3361 advisory. DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The...
CVE-2026-9698
A flaw was found in DBI, a Perl database interface. This vulnerability allows an attacker to trigger a buffer overflow by manipulating error messages within an application. When specific error handling options are active, an attacker can provide oversized error text, which may lead to arbitrary...
CVE-2026-10879 affecting package perl-DBI for versions less than 1.643-4
CVE-2026-10879 affecting package perl-DBI for versions less than 1.643-4. A patched version of the package is available...
OESA-2026-2684 perl-DBI security update
The DBI is the standard database interface module for Perl. It defines a set of methods, variables and conventions that provide a consistent database interface independent of the actual database being used. It is important to remember that the DBI is just an interface. The DBI is a layer of "glue...
EUVD-2026-35366
DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer without a length limit. Attackers that can influence the error text in an application can trigger a...
CVE-2026-9698 DBI versions before 1.648 for Perl saved errors in a limited-sized buffer
DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer without a length limit. Attackers that can influence the error text in an application can trigger a...
SUSE CVE-2026-10879
DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. Placeholders 10-99 require fou...