CVE-2026-60082
9.1
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Exploitability: 3.9 / Impact: 5.2
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)
Description
DBI versions before 1.651 for Perl do not enforce statement handle consistency with the row.
When the statement handle had no fields but the source row was non-empty, the internal row-buffer helper would read from a negative array index.
This could be triggered by a caller supplying inconsistent metadata and rows to the prepare method.
References (4)
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Source: 9b29abf9-4ab0-4765-b253-1875cd9b441e
Source: af854a3a-2127-422b-91ae-364da2661108
Timeline
No history available yet.