DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders.
The fix for CVE-2026-10879 did not allocate enough memory to handle approximately 1.2-million placeholders.
DBI version 1.650 sets a hard limit of 99,999 placeholders.
The fix for CVE-2026-10879 did not allocate enough memory to handle approximately 1.2-million placeholders.
DBI version 1.650 sets a hard limit of 99,999 placeholders.
Advisories
No advisories yet.
Fixes
Solution
Upgrade to DBI version 1.650 or later.
Workaround
No workaround given by the vendor.
References
History
Tue, 07 Jul 2026 23:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Hmbrand
Hmbrand dbi |
|
| Vendors & Products |
Hmbrand
Hmbrand dbi |
Tue, 07 Jul 2026 22:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders. The fix for CVE-2026-10879 did not allocate enough memory to handle approximately 1.2-million placeholders. DBI version 1.650 sets a hard limit of 99,999 placeholders. | |
| Title | DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders | |
| Weaknesses | CWE-787 | |
| References |
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: CPANSec
Published:
Updated: 2026-07-07T22:05:18.457Z
Reserved: 2026-07-04T09:24:31.098Z
Link: CVE-2026-14739
No data.
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-07T23:30:16Z
Weaknesses