CVE-2026-14740
- EPSS 0.41%
- Veröffentlicht 07.07.2026 22:05:45
- Zuletzt bearbeitet 10.07.2026 14:40:21
DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment. The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during norma...
CVE-2026-14739
- EPSS 0.4%
- Veröffentlicht 07.07.2026 22:05:18
- Zuletzt bearbeitet 10.07.2026 14:41:16
DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders. The fix for CVE-2026-10879 did not allocate enough memory to handle approximately 1.2-million placeholders. DBI version 1...
CVE-2026-14380
- EPSS 0.24%
- Veröffentlicht 07.07.2026 22:04:49
- Zuletzt bearbeitet 10.07.2026 14:46:21
DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is assigned to a DBI handle's Profile attribute, DBI splits it into path, package and arguments, and interpolates the package part in a ...
CVE-2026-9698
- EPSS 0.38%
- Veröffentlicht 09.06.2026 07:22:25
- Zuletzt bearbeitet 30.06.2026 03:21:47
DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer without a length limit. Attackers that can influence ...
CVE-2026-10879
- EPSS 0.41%
- Veröffentlicht 05.06.2026 14:30:58
- Zuletzt bearbeitet 10.06.2026 15:02:24
DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per bind...
CVE-2019-20919
- EPSS 0.51%
- Veröffentlicht 17.09.2020 18:15:12
- Zuletzt bearbeitet 21.11.2024 04:39:41
An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.
CVE-2014-10402
- EPSS 0.49%
- Veröffentlicht 16.09.2020 16:15:14
- Zuletzt bearbeitet 21.11.2024 02:03:32
An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomple...
CVE-2013-7490
- EPSS 2.74%
- Veröffentlicht 11.09.2020 19:15:11
- Zuletzt bearbeitet 21.11.2024 02:01:08
An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption.
CVE-2013-7491
- EPSS 2.66%
- Veröffentlicht 11.09.2020 19:15:11
- Zuletzt bearbeitet 21.11.2024 02:01:08
An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated.
CVE-2014-10401
- EPSS 0.44%
- Veröffentlicht 11.09.2020 19:15:11
- Zuletzt bearbeitet 21.11.2024 02:03:32
An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute.