DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment. The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byte. The result is a fault on memory-hardened builds and nondeterministic newline retention on normal builds.
History

Tue, 07 Jul 2026 23:45:00 +0000

Type Values Removed Values Added
First Time appeared Hmbrand
Hmbrand dbi
Vendors & Products Hmbrand
Hmbrand dbi

Tue, 07 Jul 2026 22:45:00 +0000

Type Values Removed Values Added
Description DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment. The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byte. The result is a fault on memory-hardened builds and nondeterministic newline retention on normal builds.
Title DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment
Weaknesses CWE-125
References

cve-icon MITRE

Status: PUBLISHED

Assigner: CPANSec

Published:

Updated: 2026-07-08T13:59:33.009Z

Reserved: 2026-07-04T09:43:56.576Z

Link: CVE-2026-14740

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-07-08T15:45:03Z