CVE-2026-14740
DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment
CVSS Score
9.1
EPSS Score
0.2%
EPSS Percentile
8th
DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment. The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byte. The result is a fault on memory-hardened builds and nondeterministic newline retention on normal builds.
| CWE | CWE-125 |
| Vendor | hmbrand |
| Product | dbi |
| Published | Jul 7, 2026 |
| Last Updated | Jul 8, 2026 |
Stay Ahead of the Next One
Get instant alerts for hmbrand dbi
Be the first to know when new critical vulnerabilities affecting hmbrand dbi are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
HMBRAND / DBI
0 < 1.650
References
github.com: https://github.com/perl5-dbi/dbi/commit/fc16f9e8b3dd5c65caf1867781ab2bfe2fadcc01.patch github.com: https://github.com/perl5-dbi/dbi/security/advisories/GHSA-35f4-f8m9-w8xg metacpan.org: https://metacpan.org/release/HMBRAND/DBI-1.650/changes openwall.com: http://www.openwall.com/lists/oss-security/2026/07/07/17