Out-of-Bounds Read in DBI for Perl Affects Memory Management
CVE-2026-14740
Currently unrated
What is CVE-2026-14740?
The DBI module for Perl, prior to version 1.650, is vulnerable to an out-of-bounds read when processing SQL comments. Specifically, the preparse method, which is responsible for normalizing SQL and stripping out comments, mishandles scenarios where the SQL starts with a comment line. This mismanagement can lead to a read of one byte beyond the intended buffer, resulting in potential memory faults on memory-hardened builds and unpredictable newline retention on non-hardened builds. Users of affected DBI versions are advised to update to ensure secure handling of SQL pre-parsing.
Affected Version(s)
DBI 0 < 1.650
