CVE-2026-3257
Received - Intake
Heap-Based Overflow in UnQLite Perl Module

Publication date: 2026-03-05

Last updated on: 2026-03-09

Assigner: CPANSec

Description
UnQLite versions through 0.06 for Perl use a potentially insecure version of the UnQLite library. UnQLite for Perl embeds the UnQLite library. Versions 0.06 and earlier of the Perl module use a version of the library from 2014 that may be vulnerable to a heap-based overflow.

Meta Information
Published: 2026-03-05
Last Modified: 2026-03-09
Generated: 2026-05-07
AI Q&A: 2026-03-05
EPSS Evaluated: 2026-05-05

Affected Vendors & Products
Vendor: tokuhirom
Product: unqlite
Version / Range: to 0.07 (exclusive)

CWE ID: CWE-UNKNOWN

AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-3257 is a vulnerability in UnQLite versions through 0.06 for Perl, which uses an outdated version of the UnQLite library from 2014. This older library version may be susceptible to a heap-based overflow, a type of memory corruption issue that can occur when more data is written to a heap buffer than it can hold.


How can this vulnerability impact me?

The heap-based overflow vulnerability in the UnQLite library used by the Perl module could potentially allow an attacker to execute arbitrary code, cause a denial of service, or corrupt data by exploiting the memory corruption. This could compromise the security and stability of applications relying on this database engine.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability affects UnQLite for Perl versions 0.06 and earlier that embed a version of the UnQLite library from 2014. Detection involves identifying if your system or applications are using UnQLite for Perl at or below version 0.06.

You can check the installed version of the UnQLite Perl module by running commands such as:

  • perl -MUnQLite -e 'print $UnQLite::VERSION . "\n";'
  • cpan -l | grep UnQLite

Additionally, searching your codebase or system for uses of the UnQLite Perl module, or for embedded copies of the UnQLite library from 2014, can help detect vulnerable instances.
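
The two commands above only report the copy of the module that the current interpreter finds first. As an added example (not part of the CVE record or of the UnQLite project), the script below walks the directories it is given, finds every UnQLite.pm and compares its $VERSION with 0.07, the exclusive upper bound of the affected range listed on this page. The function names, the output format and the assumption that the module declares its version as a plain `$VERSION = ...` assignment belong to this example.

```shell
#!/bin/sh
# Added example: inventory every installed copy of the UnQLite Perl module.
# FIXED_VERSION comes from the affected range on this page ("to 0.07 (exclusive)").
FIXED_VERSION="0.07"

# Print the version string assigned to $VERSION in a module file.
# Assumption: the file uses a plain `our $VERSION = "x.yz";` style assignment.
module_version() {
    grep -E '^[[:space:]]*(our[[:space:]]+)?\$VERSION[[:space:]]*=' "$1" \
        | head -n 1 \
        | sed -n 's/^[^=]*=[^0-9]*\([0-9][0-9._]*\).*/\1/p'
}

# Return 0 (true) when the given version is below FIXED_VERSION.
# Perl decimal versions compare numerically; "_" marks developer releases.
is_affected() {
    awk -v v="$1" -v f="$FIXED_VERSION" \
        'BEGIN { gsub(/_/, "", v); exit !(v + 0 < f + 0) }'
}

# Scan the given directories and print one line per UnQLite.pm found:
#   AFFECTED <version> <path> | OK <version> <path> | UNKNOWN <path>
scan_dirs() {
    find "$@" -type f -name 'UnQLite.pm' 2>/dev/null | while IFS= read -r pm; do
        ver=$(module_version "$pm")
        if [ -z "$ver" ]; then
            echo "UNKNOWN $pm"      # version not parseable: inspect by hand
        elif is_affected "$ver"; then
            echo "AFFECTED $ver $pm"
        else
            echo "OK $ver $pm"
        fi
    done
}

# When directories are passed on the command line, scan them.
if [ "$#" -gt 0 ]; then
    scan_dirs "$@"
fi
```

Pass it the @INC directories of each Perl on the host together with any local::lib trees and application vendor directories, since a bundled copy is not visible to `perl -MUnQLite` run from the system interpreter.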


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should upgrade the UnQLite Perl module to a version later than 0.06 that uses a secure and updated version of the UnQLite library.

If an upgrade is not immediately possible, consider restricting access to systems running the vulnerable version to trusted users only, and monitor for suspicious activity that could indicate an attempt to exploit a heap-based overflow.

Review and apply any patches or updates provided by the maintainers of the UnQLite Perl module or the UnQLite library.

