CVE-2026-14740

Summary

DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment.

The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byte. The result is a fault on memory-hardened builds and nondeterministic newline retention on normal builds.

Affected Software

VendorProductVersion RangeStatus
HMBRANDDBI0 < 1.650affected

Weaknesses

  • CWE-125: CWE-125 Out-of-bounds Read

Workarounds

Remove initial comments from SQL statements before passing them to DBI.

ADP Enrichment

CVE Program Container

Additional References

References