CVE-2026-10879
Vulnerability Description
DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders.
The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. Placeholders 10-99 require four characters, 100-999 require five characters, et cetera.
The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. Placeholders 10-99 require four characters, 100-999 require five characters, et cetera.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-787
Source
NVD
Vendor
HMBRAND
Product
DBI
Discussion (0)
Add Comment
No comments yet. Be the first!