DBI versions before 1.651 for Perl do not enforce statement handle consistency with the row.
When the statement handle had no fields but the source row was non-empty, the internal row-buffer helper would read from a negative array index.
This could be triggered by a caller supplying inconsistent metadata and rows to the prepare method.
When the statement handle had no fields but the source row was non-empty, the internal row-buffer helper would read from a negative array index.
This could be triggered by a caller supplying inconsistent metadata and rows to the prepare method.
Advisories
No advisories yet.
Fixes
Solution
Upgrade to version 1.651 or later.
Workaround
No workaround given by the vendor.
References
History
Tue, 14 Jul 2026 17:00:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Hmbrand
Hmbrand dbi |
|
| Vendors & Products |
Hmbrand
Hmbrand dbi |
Tue, 14 Jul 2026 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | DBI versions before 1.651 for Perl do not enforce statement handle consistency with the row. When the statement handle had no fields but the source row was non-empty, the internal row-buffer helper would read from a negative array index. This could be triggered by a caller supplying inconsistent metadata and rows to the prepare method. | |
| Title | DBI versions before 1.651 for Perl do not enforce statement handle consistency with the row | |
| Weaknesses | CWE-125 | |
| References |
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: CPANSec
Published:
Updated: 2026-07-14T15:35:00.730Z
Reserved: 2026-07-08T11:45:04.838Z
Link: CVE-2026-60082
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-14T16:45:04Z
Weaknesses