DBI::ProfileData versions before 1.651 for Perl do not limit the path index
Summary
| CVE | CVE-2026-60081 |
|---|---|
| State | PUBLISHED |
| Assigner | CPANSec |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-07-14 16:17:03 UTC |
| Updated | 2026-07-14 19:18:03 UTC |
| Description | DBI::ProfileData versions before 1.651 for Perl do not limit the path index. The path index column of profile dump files is used to allocate an array of data for the parser. An unbounded value allows an attacker to specify a large index and consume available memory. |
Risk And Classification
Problem Types: CWE-770 | CWE-770 CWE-770 Allocation of Resources Without Limits or Throttling
Vendor Declared Affected Products
| Source | Vendor | Product | Version | Platforms |
|---|---|---|---|---|
| CNA | HMBRAND | DBIProfileData | affected 1.651 custom | Not specified |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| github.com/perl5-dbi/dbi/security/advisories/GHSA-ww49-w4mv-jrr4 | 9b29abf9-4ab0-4765-b253-1875cd9b441e | github.com | |
| www.openwall.com/lists/oss-security/2026/07/14/14 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | |
| github.com/perl5-dbi/dbi/commit/6764e755e83ee1ebb1b40760e5b53eb50960bd7a... | 9b29abf9-4ab0-4765-b253-1875cd9b441e | github.com | |
| metacpan.org/release/HMBRAND/DBI-1.651/changes | 9b29abf9-4ab0-4765-b253-1875cd9b441e | metacpan.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Additional Advisory Data
Solutions
CNA: Upgrade to version 1.651 or later.
There are currently no legacy QID mappings associated with this CVE.