CVE-2026-60082
N/A
N/A
Summary
DBI versions before 1.651 for Perl do not enforce statement handle consistency with the row.
When the statement handle had no fields but the source row was non-empty, the internal row-buffer helper would read from a negative array index.
This could be triggered by a caller supplying inconsistent metadata and rows to the prepare method.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| HMBRAND | DBI | 0 < 1.651 | affected |
Weaknesses
- CWE-125: CWE-125 Out-of-bounds Read
ADP Enrichment
CVE Program Container
Additional References
References
- https://github.com/perl5-dbi/dbi/security/advisories/GHSA-rwhc-hhmv-cjvg
- https://metacpan.org/release/HMBRAND/DBI-1.651/changes
- https://github.com/perl5-dbi/dbi/commit/397868704291bbf0989b97e2c0661189890653e2.patch
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.