Back to overview

CVE-2026-60081

Description
DBI::ProfileData versions before 1.651 for Perl do not limit the path index. The path index column of profile dump files is used to allocate an array of data for the parser. An unbounded value allows an attacker to specify a large index and consume available memory.

Metadata

CVE ID
CVE-2026-60081
State
PUBLISHED
Assigner
CPANSec
Reserved
2026-07-08 11:45 UTC
Published
2026-07-14 15:34 UTC
Last updated
2026-07-14 18:23 UTC
Primary CWE
CWE-770
CWE-770 Allocation of Resources Without Limits or Throttling
Vendor / Product
HMBRAND / DBI::ProfileData
Sources
cve.org  ·  NVD

Severity & Metrics

No CVSS data available.

Affected products (1)
VendorProductPlatformVersions
HMBRAND DBI::ProfileData 0 < 1.651
Weakness (CWE)
CWESourceDescription
CWE-770 cna CWE-770 Allocation of Resources Without Limits or Throttling
Back to overview