CVE-2026-60082
Deferred
Deferred - Pending Action
DBI Perl Module Row-Buffer Read from Negative Index
Vulnerability report for CVE-2026-60082, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.
Publication date: 2026-07-14
Last updated on: 2026-07-14
Assigner: CPANSec
Description
Description
DBI versions before 1.651 for Perl do not enforce statement handle consistency with the row.
When the statement handle had no fields but the source row was non-empty, the internal row-buffer helper would read from a negative array index.
This could be triggered by a caller supplying inconsistent metadata and rows to the prepare method.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| perl | dbi | to 1.651 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-125 | The product reads data past the end, or before the beginning, of the intended buffer. |