CVE-2026-14740
N/A
N/A
Summary
DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment.
The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byte. The result is a fault on memory-hardened builds and nondeterministic newline retention on normal builds.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HMBRAND | DBI | 0 < 1.650 | affected |
Weaknesses
- CWE-125: CWE-125 Out-of-bounds Read
Workarounds
Remove initial comments from SQL statements before passing them to DBI.
ADP Enrichment
CVE Program Container
Additional References
References
- https://github.com/perl5-dbi/dbi/commit/fc16f9e8b3dd5c65caf1867781ab2bfe2fadcc01.patch
- https://github.com/perl5-dbi/dbi/security/advisories/GHSA-35f4-f8m9-w8xg
- https://metacpan.org/release/HMBRAND/DBI-1.650/changes
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.