DBI versions before 1.651 for Perl do not enforce statement handle consistency with the row
Summary
| CVE | CVE-2026-60082 |
|---|---|
| State | PUBLISHED |
| Assigner | CPANSec |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2026-07-14 16:17:03 UTC |
| Updated | 2026-07-14 19:18:03 UTC |
| Description | DBI versions before 1.651 for Perl do not enforce statement handle consistency with the row. When the statement handle had no fields but the source row was non-empty, the internal row-buffer helper would read from a negative array index. This could be triggered by a caller supplying inconsistent metadata and rows to the prepare method. |
Risk And Classification
Problem Types: CWE-125 | CWE-125 CWE-125 Out-of-bounds Read
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| www.openwall.com/lists/oss-security/2026/07/14/13 | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | |
| github.com/perl5-dbi/dbi/commit/397868704291bbf0989b97e2c0661189890653e2... | 9b29abf9-4ab0-4765-b253-1875cd9b441e | github.com | |
| github.com/perl5-dbi/dbi/security/advisories/GHSA-rwhc-hhmv-cjvg | 9b29abf9-4ab0-4765-b253-1875cd9b441e | github.com | |
| metacpan.org/release/HMBRAND/DBI-1.651/changes | 9b29abf9-4ab0-4765-b253-1875cd9b441e | metacpan.org | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Additional Advisory Data
Solutions
CNA: Upgrade to version 1.651 or later.
There are currently no legacy QID mappings associated with this CVE.