Heap Overflow in DBI for Perl Affects Multiple Versions
CVE-2026-10879
9.8CRITICAL
What is CVE-2026-10879?
The vulnerability in DBI for Perl arises from a heap overflow issue when preparsing SQL statements that contain more than nine binders. The preparse method inadequately allocates memory for SQL placeholder characters, limiting binder allocation to three characters. This oversight leads to improper handling of binders, causing potentially unstable conditions when dealing with placeholders 10-99 or higher, which require more character space. As a result, attackers can exploit this flaw to execute manipulated SQL statements, leading to unpredictable application behavior or data compromise.
Affected Version(s)
DBI 0 < 1.648
