Skip to main content

Perl DBI EUVDEUVD-2026-43729

| CVE-2026-60082 CRITICAL
Out-of-bounds Read (CWE-125)
2026-07-14 CPANSec
9.1
CVSS 3.1 · Vendor: CPANSec
Share

Severity by source

Vendor (CPANSec) PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
vuln.today AI
7.4 HIGH

AC:H because the trigger needs the specific zero-field/non-empty-row inconsistency from an untrusted driver or backend; C:H and A:H for memory disclosure and process crash, I:N as no integrity impact.

3.1 AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H
4.0 AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (CPANSec).

CVSS VectorVendor: CPANSec

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

5
Source Code Evidence Fetched
Jul 15, 2026 - 15:24 vuln.today
Analysis Generated
Jul 15, 2026 - 15:24 vuln.today
CVSS changed
Jul 15, 2026 - 15:22 NVD
9.1 (CRITICAL)
CVE Published
Jul 14, 2026 - 15:35 cve.org
CRITICAL 9.1
CVE Published
Jul 14, 2026 - 15:35 cve.org
UNKNOWN (no severity yet)

DescriptionCVE.org

DBI versions before 1.651 for Perl do not enforce statement handle consistency with the row.

When the statement handle had no fields but the source row was non-empty, the internal row-buffer helper would read from a negative array index.

This could be triggered by a caller supplying inconsistent metadata and rows to the prepare method.

AnalysisAI

Out-of-bounds read in the Perl DBI (Database Independent Interface) module before version 1.651 lets a caller trigger a negative-array-index read inside the internal row-buffer helper (_set_fbav in DBI.xs), potentially disclosing adjacent process memory or crashing the interpreter. The flaw arises when a statement handle declares zero fields but is fed a non-empty source row, an inconsistency the module failed to reject before returning results. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Control malicious DB backend or driver
Delivery
Return zero-field metadata with non-empty row
Exploit
Application fetches row via DBI
Execution
_set_fbav reads negative array index
Impact
Disclose adjacent memory or crash interpreter

Vulnerability AssessmentAI

Exploitation Exploitation requires a caller to invoke DBI's prepare/result path with a statement handle that declares zero fields (dst_fields == 0) while supplying a non-empty source row - the mismatched metadata-versus-row condition is the exact prerequisite named in the description. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are mixed and worth separating. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who controls or compromises a database backend (or a malicious/buggy DBD driver) returns a result set whose declared field metadata says zero fields while the row payload is non-empty; when the application fetches this row, DBI's _set_fbav reads from a negative array index, leaking adjacent heap memory into the result or crashing the Perl process. No public POC exists, and the specific inconsistent-metadata condition raises real-world attack complexity above what the CVSS AC:L rating implies.
Remediation Upgrade to DBI 1.651 or later, which enforces field-count consistency and rejects a zero-field statement handle paired with a non-empty row (Vendor-released patch: DBI 1.651). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours, identify all systems running Perl DBI by querying installed Perl modules and document baseline versions. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-43729 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy