======================================================================== CVE-2026-60082 CPAN Security Group ======================================================================== CVE ID: CVE-2026-60082 Distribution: DBI Versions: before 1.651 MetaCPAN: https://metacpan.org/dist/DBI VCS Repo: https://github.com/perl5-dbi/dbi DBI versions before 1.651 for Perl do not enforce statement handle consistency with the row Description ----------- DBI versions before 1.651 for Perl do not enforce statement handle consistency with the row. When the statement handle had no fields but the source row was non-empty, the internal row-buffer helper would read from a negative array index. This could be triggered by a caller supplying inconsistent metadata and rows to the prepare method. Problem types ------------- - CWE-125 Out-of-bounds Read Solutions --------- Upgrade to version 1.651 or later. References ---------- https://github.com/perl5-dbi/dbi/security/advisories/GHSA-rwhc-hhmv-cjvg https://metacpan.org/release/HMBRAND/DBI-1.651/changes https://github.com/perl5-dbi/dbi/commit/397868704291bbf0989b97e2c0661189890653e2.patch
