Back to overview

CVE-2026-60082

CRITICAL
9.1
CVSS 3.1
Description
DBI versions before 1.651 for Perl do not enforce statement handle consistency with the row. When the statement handle had no fields but the source row was non-empty, the internal row-buffer helper would read from a negative array index. This could be triggered by a caller supplying inconsistent metadata and rows to the prepare method.

Metadata

CVE ID
CVE-2026-60082
State
PUBLISHED
Assigner
CPANSec
Reserved
2026-07-08 11:45 UTC
Published
2026-07-14 15:35 UTC
Last updated
2026-07-15 14:08 UTC
Primary CWE
CWE-125
CWE-125 Out-of-bounds Read
Vendor / Product
HMBRAND / DBI
Sources
cve.org  ·  NVD

Severity & Metrics

9.1 CRITICAL CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
SSVC — CISA Coordinator
Exploitation
none
Automatable
yes
Tech. Impact
partial
Affected products (1)
VendorProductPlatformVersions
HMBRAND DBI 0 < 1.651
Weakness (CWE)
CWESourceDescription
CWE-125 cna CWE-125 Out-of-bounds Read
CVSS scores (1)
ScoreSeverityVersionSourceVector
9.1 CRITICAL 3.1 adp CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Back to overview