10 matches found
CVE-2014-10402
CVE-2014-10402 affects the Perl DBI module (DBD::File drivers) up to version 1.643. The flaw allows opening files from folders outside the DSN-specified f_dir attribute in the data source name, due to an incomplete fix for CVE-2014-10401. This can lead to information disclosure. A patch exists; D...
CVE-2019-20919
CVE-2019-20919 is related to the Perl DBI module. The issue affects Perl-DBI before version 1.643, where hv_fetch() checks for NULL but then calls SvOK(profile), causing a NULL pointer dereference. Several advisories (EulerOS, Red Hat, OpenVAS prompts) reference this CVE alongside CVE-2014-10401 ...
CVE-2014-10401
CVE-2014-10401 affects the Perl DBI module (DBD::File) where files can be opened from folders outside the DSN‑specified f_dir, due to an incomplete fix. Affected versions include DBI prior to 1.632; some advisories note ongoing risk or incomplete fixes (e.g., Debian DLA-3035 and Astra Linux note)...
CVE-2013-7490
Summary: CVE-2013-7490 affects the Perl DBI module prior to 1.632, where using many arguments to Callback methods may cause memory corruption. This issue is repeatedly reflected across multiple advisories (including SUSE/Red Hat/Nessus entries) and is acknowledged as a memory corruption bug in DB...
CVE-2026-10879
CVE-2026-10879 affects DBI for Perl, pre-1.648. A heap overflow occurs during preparsing SQL with more than 9 binders; the preparse method expands placeholders to :pN but only allocates 3 characters per binder, causing overflow as placeholders 10–99 need 4 chars, 100–999 need 5, etc. The issue is...
CVE-2013-7491
CVE-2013-7491 affects the Perl DBI module prior to 1.628. The issue is a stack corruption that occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack is reallocated. Impact is described as potential memory corruption related to stack handling; exploitation ...
CVE-2026-9698
CVE-2026-9698 affects the Perl DBI module. Versions before 1.648 save error messages in a 200-byte buffer without length control, allowing an attacker who can influence error text to trigger a buffer overflow. Connected sources confirm the issue in DBI for Perl and identify the vulnerable compone...
CVE-2026-14739
CVE-2026-14739 affects DBI for Perl; versions before 1.650 are vulnerable to a heap overflow during preparsing of SQL statements with an extremely large number of placeholders. The fix in DBI 1.650 introduces a hard limit of 99,999 placeholders, addressing the prior memory allocation issue that c...
CVE-2026-14740
DBI for Perl before 1.650 is affected by CVE-2026-14740. The vulnerability is rooted in the preparse() function, where deleting an initial SQL comment during SQL normalization causes an out-of-bounds read by one byte. Impact is a fault on memory-hardened builds and nondeterministic newline retent...
CVE-2026-14380
CVE-2026-14380 affects DBI for Perl when using versions before 1.650. A string assigned to the Profile attribute of a DBI handle is split into path, package and arguments, and the package name is interpolated in an unvalidated string eval, allowing arbitrary Perl code execution if untrusted data ...