Dbi
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-10879 | | Cri | 0.57 | 9.8 | 0.00 | | Jun 5, 2026 | DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. … |
| CVE-2026-9698 | | | 0.00 | — | — | | Jun 9, 2026 | DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer without a length limit. Attackers that can influence the error text in an… |
| CVE-2019-20919 | | | 0.00 | — | 0.00 | | Sep 17, 2020 | An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference. |
| CVE-2014-10402 | | | 0.00 | — | 0.00 | | Sep 16, 2020 | An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401. |
| CVE-2020-14393 | | | 0.00 | — | 0.00 | | Sep 16, 2020 | A buffer overflow was found in perl-DBI < 1.643 in DBI.xs. A local attacker who is able to supply a string longer than 300 characters could cause an out-of-bounds write, affecting the availability of the service or integrity of data. |
| CVE-2020-14392 | | | 0.00 | — | 0.00 | | Sep 16, 2020 | An untrusted pointer dereference flaw was found in Perl-DBI < 1.643. A local attacker who is able to manipulate calls to dbd_db_login6_sv() could cause memory corruption, affecting the service's availability. |
| CVE-2014-10401 | | | 0.00 | — | 0.00 | | Sep 11, 2020 | An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute. |
| CVE-2013-7490 | | | 0.00 | — | 0.00 | | Sep 11, 2020 | An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption. |
| CVE-2013-7491 | | | 0.00 | — | 0.00 | | Sep 11, 2020 | An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated. |
| CVE-2011-1933 | | | 0.00 | — | 0.01 | | Nov 26, 2019 | SQL injection vulnerability in Jifty::DBI before 0.68. |
| CVE-2005-0077 | | | 0.00 | — | 0.00 | | May 2, 2005 | The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file. |