Heap Overflow in DBI for Perl Affects Multiple Versions
CVE-2026-10879

9.8CRITICAL

Key Information:

Vendor

Hmbrand

Status
Vendor
CVE Published:
5 June 2026

What is CVE-2026-10879?

The vulnerability in DBI for Perl arises from a heap overflow issue when preparsing SQL statements that contain more than nine binders. The preparse method inadequately allocates memory for SQL placeholder characters, limiting binder allocation to three characters. This oversight leads to improper handling of binders, causing potentially unstable conditions when dealing with placeholders 10-99 or higher, which require more character space. As a result, attackers can exploit this flaw to execute manipulated SQL statements, leading to unpredictable application behavior or data compromise.

Affected Version(s)

DBI 0 < 1.648

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.