Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
AC:H because the trigger needs the specific zero-field/non-empty-row inconsistency from an untrusted driver or backend; C:H and A:H for memory disclosure and process crash, I:N as no integrity impact.
Primary rating from Vendor (CPANSec).
CVSS VectorVendor: CPANSec
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Lifecycle Timeline
5DescriptionCVE.org
DBI versions before 1.651 for Perl do not enforce statement handle consistency with the row.
When the statement handle had no fields but the source row was non-empty, the internal row-buffer helper would read from a negative array index.
This could be triggered by a caller supplying inconsistent metadata and rows to the prepare method.
AnalysisAI
Out-of-bounds read in the Perl DBI (Database Independent Interface) module before version 1.651 lets a caller trigger a negative-array-index read inside the internal row-buffer helper (_set_fbav in DBI.xs), potentially disclosing adjacent process memory or crashing the interpreter. The flaw arises when a statement handle declares zero fields but is fed a non-empty source row, an inconsistency the module failed to reject before returning results. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a caller to invoke DBI's prepare/result path with a statement handle that declares zero fields (dst_fields == 0) while supplying a non-empty source row - the mismatched metadata-versus-row condition is the exact prerequisite named in the description. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | Signals are mixed and worth separating. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who controls or compromises a database backend (or a malicious/buggy DBD driver) returns a result set whose declared field metadata says zero fields while the row payload is non-empty; when the application fetches this row, DBI's _set_fbav reads from a negative array index, leaking adjacent heap memory into the result or crashing the Perl process. No public POC exists, and the specific inconsistent-metadata condition raises real-world attack complexity above what the CVSS AC:L rating implies. |
| Remediation | Upgrade to DBI 1.651 or later, which enforces field-count consistency and rejects a zero-field statement handle paired with a non-empty row (Vendor-released patch: DBI 1.651). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, identify all systems running Perl DBI by querying installed Perl modules and document baseline versions. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Heap out-of-bounds write in the Perl DBI database-interface module before version 1.650 occurs when DBI preparses a SQL
Heap buffer overflow in the Perl DBI module versions before 1.648 occurs when the preparse() function processes SQL stat
Stack-based buffer overflow in Perl DBI module versions prior to 1.648 allows attackers who can influence database error
Incorrect WHERE-clause evaluation in Perl's DBI::SQL::Nano (versions 1.42 up to 1.651) causes text-based '<=' and '>=' c
Out-of-bounds read in the Perl DBI module's preparse() SQL-normalisation routine allows an attacker who controls SQL pas
DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile. When a string is ass
Memory-exhaustion denial of service in the DBI::ProfileData module (bundled with Perl DBI) before version 1.651 allows a
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43729