Description
DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment.
The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byte. The result is a fault on memory-hardened builds and nondeterministic newline retention on normal builds.
The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byte. The result is a fault on memory-hardened builds and nondeterministic newline retention on normal builds.
Published:
2026-07-07
Score:
n/a
EPSS:
n/a
KEV:
No
Impact:
n/a
Action:
n/a
No analysis available yet.
Remediation
Vendor Solution
Upgrade to DBI version 1.650 or later.
Vendor Workaround
Remove initial comments from SQL statements before passing them to DBI.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Tue, 07 Jul 2026 23:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Hmbrand
Hmbrand dbi |
|
| Vendors & Products |
Hmbrand
Hmbrand dbi |
Tue, 07 Jul 2026 22:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment. The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byte. The result is a fault on memory-hardened builds and nondeterministic newline retention on normal builds. | |
| Title | DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment | |
| Weaknesses | CWE-125 | |
| References |
|
Status: PUBLISHED
Assigner: CPANSec
Published:
Updated: 2026-07-08T00:28:32.673Z
Reserved: 2026-07-04T09:43:56.576Z
Link: CVE-2026-14740
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-07T23:30:16Z
Weaknesses
-
CWE-125
Out-of-bounds Read