Out-of-Bounds Read in DBI for Perl Affects Memory Management
CVE-2026-14740

Currently unrated

Key Information:

Vendor

Hmbrand

Status
Vendor
CVE Published:
7 July 2026

What is CVE-2026-14740?

The DBI module for Perl, prior to version 1.650, is vulnerable to an out-of-bounds read when processing SQL comments. Specifically, the preparse method, which is responsible for normalizing SQL and stripping out comments, mishandles scenarios where the SQL starts with a comment line. This mismanagement can lead to a read of one byte beyond the intended buffer, resulting in potential memory faults on memory-hardened builds and unpredictable newline retention on non-hardened builds. Users of affected DBI versions are advised to update to ensure secure handling of SQL pre-parsing.

Affected Version(s)

DBI 0 < 1.650

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.