DBI versions before 1.648 for Perl saved errors in a limited-sized buffer.
Error messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer without a length limit.
Attackers that can influence the error text in an application can trigger a buffer overflow.
CVSS Score
9.8
EPSS Score
0.0
Published
2026-06-09
An issue was discovered in the DBI module before 1.643 for Perl. The hv_fetch() documentation requires checking for NULL and the code does that. But, shortly thereafter, it calls SvOK(profile), causing a NULL pointer dereference.
CVSS Score
4.7
EPSS Score
0.001
Published
2020-09-17
An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401.
CVSS Score
6.1
EPSS Score
0.0
Published
2020-09-16
An issue was discovered in the DBI module before 1.632 for Perl. Using many arguments to methods for Callbacks may lead to memory corruption.
CVSS Score
5.3
EPSS Score
0.004
Published
2020-09-11
An issue was discovered in the DBI module before 1.628 for Perl. Stack corruption occurs when a user-defined function requires a non-trivial amount of memory and the Perl stack gets reallocated.
CVSS Score
5.3
EPSS Score
0.004
Published
2020-09-11
An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute.
CVSS Score
6.1
EPSS Score
0.0
Published
2020-09-11