CVE-2026-14739
N/A
N/A
Summary
DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders.
The fix for CVE-2026-10879 did not allocate enough memory to handle approximately 1.2-million placeholders.
DBI version 1.650 sets a hard limit of 99,999 placeholders.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HMBRAND | DBI | 0 < 1.650 | affected |
Weaknesses
- CWE-787: CWE-787 Out-of-bounds Write
References
- https://github.com/perl5-dbi/dbi/commit/2b77c88b655e9539a592c71a61fb965fc0075395.patch
- https://www.cve.org/CVERecord?id=CVE-2026-10879
- https://metacpan.org/release/HMBRAND/DBI-1.650/changes
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.