{"api_version":"1","generated_at":"2026-07-14T21:18:32+00:00","cve":"CVE-2026-60081","urls":{"html":"https://cve.report/CVE-2026-60081","api":"https://cve.report/api/cve/CVE-2026-60081.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2026-60081","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2026-60081"},"summary":{"title":"DBI::ProfileData versions before 1.651 for Perl do not limit the path index","description":"DBI::ProfileData versions before 1.651 for Perl do not limit the path index.\n\nThe path index column of profile dump files is used to allocate an array of data for the parser. An unbounded value allows an attacker to specify a large index and consume available memory.","state":"PUBLISHED","assigner":"CPANSec","published_at":"2026-07-14 16:17:03","updated_at":"2026-07-14 19:18:03"},"problem_types":["CWE-770","CWE-770 CWE-770 Allocation of Resources Without Limits or Throttling"],"metrics":[],"references":[{"url":"https://github.com/perl5-dbi/dbi/security/advisories/GHSA-ww49-w4mv-jrr4","name":"https://github.com/perl5-dbi/dbi/security/advisories/GHSA-ww49-w4mv-jrr4","refsource":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"http://www.openwall.com/lists/oss-security/2026/07/14/14","name":"http://www.openwall.com/lists/oss-security/2026/07/14/14","refsource":"af854a3a-2127-422b-91ae-364da2661108","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://github.com/perl5-dbi/dbi/commit/6764e755e83ee1ebb1b40760e5b53eb50960bd7a.patch","name":"https://github.com/perl5-dbi/dbi/commit/6764e755e83ee1ebb1b40760e5b53eb50960bd7a.patch","refsource":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://metacpan.org/release/HMBRAND/DBI-1.651/changes","name":"https://metacpan.org/release/HMBRAND/DBI-1.651/changes","refsource":"9b29abf9-4ab0-4765-b253-1875cd9b441e","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2026-60081","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2026-60081","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"HMBRAND","product":"DBI::ProfileData","version":"affected 1.651 custom","platforms":[]}],"timeline":[],"solutions":[{"source":"CNA","title":"","value":"Upgrade to version 1.651 or later.","time":"","lang":"en"}],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"providerMetadata":{"dateUpdated":"2026-07-14T18:23:07.627Z","orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE"},"references":[{"url":"http://www.openwall.com/lists/oss-security/2026/07/14/14"}],"title":"CVE Program Container"}],"cna":{"affected":[{"collectionURL":"https://cpan.org/modules","defaultStatus":"unaffected","packageName":"DBI","product":"DBI::ProfileData","programFiles":["lib/DBI/ProfileData.pm"],"programRoutines":[{"name":"DBI::ProfileData::_read_body"}],"repo":"https://github.com/perl5-dbi/dbi","vendor":"HMBRAND","versions":[{"lessThan":"1.651","status":"affected","version":"0","versionType":"custom"}]}],"descriptions":[{"lang":"en","value":"DBI::ProfileData versions before 1.651 for Perl do not limit the path index.\n\nThe path index column of profile dump files is used to allocate an array of data for the parser. An unbounded value allows an attacker to specify a large index and consume available memory."}],"problemTypes":[{"descriptions":[{"cweId":"CWE-770","description":"CWE-770 Allocation of Resources Without Limits or Throttling","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-07-14T15:34:35.483Z","orgId":"9b29abf9-4ab0-4765-b253-1875cd9b441e","shortName":"CPANSec"},"references":[{"tags":["vendor-advisory"],"url":"https://github.com/perl5-dbi/dbi/security/advisories/GHSA-ww49-w4mv-jrr4"},{"tags":["release-notes"],"url":"https://metacpan.org/release/HMBRAND/DBI-1.651/changes"},{"tags":["patch"],"url":"https://github.com/perl5-dbi/dbi/commit/6764e755e83ee1ebb1b40760e5b53eb50960bd7a.patch"}],"solutions":[{"lang":"en","value":"Upgrade to version 1.651 or later."}],"source":{"discovery":"UNKNOWN"},"title":"DBI::ProfileData versions before 1.651 for Perl do not limit the path index","x_generator":{"engine":"cpansec-cna-tool 0.1"}}},"cveMetadata":{"assignerOrgId":"9b29abf9-4ab0-4765-b253-1875cd9b441e","assignerShortName":"CPANSec","cveId":"CVE-2026-60081","datePublished":"2026-07-14T15:34:35.483Z","dateReserved":"2026-07-08T11:45:04.838Z","dateUpdated":"2026-07-14T18:23:07.627Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-07-14 16:17:03","lastModifiedDate":"2026-07-14 19:18:03","problem_types":["CWE-770","CWE-770 CWE-770 Allocation of Resources Without Limits or Throttling"],"metrics":[],"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2026","CveId":"60081","Ordinal":"1","Title":"DBI::ProfileData versions before 1.651 for Perl do not limit the","CVE":"CVE-2026-60081","Year":"2026"},"notes":[{"CveYear":"2026","CveId":"60081","Ordinal":"1","NoteData":"DBI::ProfileData versions before 1.651 for Perl do not limit the path index.\n\nThe path index column of profile dump files is used to allocate an array of data for the parser. An unbounded value allows an attacker to specify a large index and consume available memory.","Type":"Description","Title":"DBI::ProfileData versions before 1.651 for Perl do not limit the"}]}}}