CVE-2026-14739 PUBLISHED

DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders

Assigner: CPANSec
Reserved: 04.07.2026 Published: 07.07.2026 Updated: 08.07.2026

DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders.

The fix for CVE-2026-10879 did not allocate enough memory to handle approximately 1.2-million placeholders.

DBI version 1.650 sets a hard limit of 99,999 placeholders.

Product Status

Vendor HMBRAND
Product DBI
Versions Default: unaffected
  • affected from 0 to 1.650 (excl.)

Solutions

Upgrade to DBI version 1.650 or later.

References

Problem Types

  • CWE-787 Out-of-bounds Write CWE