CVE-2026-60082

Summary

DBI versions before 1.651 for Perl do not enforce statement handle consistency with the row.

When the statement handle had no fields but the source row was non-empty, the internal row-buffer helper would read from a negative array index.

This could be triggered by a caller supplying inconsistent metadata and rows to the prepare method.

Affected Software

VendorProductVersion RangeStatus
HMBRANDDBI0 < 1.651affected

Weaknesses

  • CWE-125: CWE-125 Out-of-bounds Read

ADP Enrichment

CVE Program Container

Additional References

References