Heap Overflow Vulnerability in DBI for Perl
CVE-2026-14739

Currently unrated

Key Information:

Vendor

Hmbrand

Status
Vendor
CVE Published:
7 July 2026

What is CVE-2026-14739?

In DBI versions prior to 1.650, a vulnerability exists that leads to a heap overflow when preparsing SQL statements containing an extremely high number of placeholders. Previous fixes did not account for enough memory allocation needed for handling approximately 1.2 million placeholders, making systems susceptible to instability or exploitation. The corrected version, DBI 1.650, addresses this issue by imposing a hard limit of 99,999 placeholders, enhancing security against potential exploits that could arise from excessive memory consumption.

Affected Version(s)

DBI 0 < 1.650

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.