Zero Day MonitorZDM
DashboardVulnerabilitiesTrendingZero-DaysNewsAbout
Login
ImpressumPrivacy Policy
Zero Day Monitor © 2026
2770 articles · 175029 vulns · 36/41 feeds (7d)
← Back to list
—
CVE-2026-14740PATCHED
perl · dbi

DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment

Description

DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment. The preparse method normalises SQL and removes comments. When the SQL starts with a comment line, the deletion of that line during normalisation led to an out-of-bounds read by one byte. The result is a fault on memory-hardened builds and nondeterministic newline retention on normal builds.

Affected Products

VendorProductVersions
perldbi0

References

  • https://github.com/perl5-dbi/dbi/commit/fc16f9e8b3dd5c65caf1867781ab2bfe2fadcc01.patch(patch)
  • https://github.com/perl5-dbi/dbi/security/advisories/GHSA-35f4-f8m9-w8xg(vendor-advisory)
  • https://metacpan.org/release/HMBRAND/DBI-1.650/changes(release-notes)

Related News (3 articles)

Tier A
Microsoft MSRC2d ago
CVE-2026-14740 DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment
→ No new info (linked only)
Tier C
VulDB6d ago
CVE-2026-14740 | DBI up to 1.649 SQL Comment preparse out-of-bounds
→ No new info (linked only)
Tier C
oss-security6d ago
CVE-2026-14740: DBI versions before 1.650 for Perl read one byte out-of-bounds in preparse when deleting an initial SQL comment
→ No new info (linked only)
CISA KEV❌ No
Actively exploited❌ No
Patch available
1.650
CWECWE-125
PublishedJul 7, 2026
Last enriched6d ago
Trending Score35
Source articles3
Independent3
Info Completeness8/14
Missing: cvss, epss, kev, exploit, iocs, mitre_attack

Community Vote

0
Login to vote
0 upvotes0 downvotes
No votes yet

Related CVEs (5)

CRITICALCVE-2026-14739EXP
DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders
Trending: 49
NONECVE-2026-57432EXP
Perl versions through 5.43.10 have an integer overflow in S_measure_struct leading to an out-of-bounds heap read in pack and unpack
Trending: 49
NONECVE-2026-13221EXP
Perl versions through 5.43.9 produce silently incorrect regular expression matches when an alternation of more than 65535 fixed string branches is compiled into a trie in Perl_study_chunk
Trending: 49
NONECVE-2026-14380EXP
DBI versions before 1.650 for Perl are vulnerable to code injection via caller-influenced Profile
Trending: 38
NONECVE-2026-8450EXP
HTTP::Daemon versions before 6.17 for Perl allow OS command injection via send_file()
Trending: 26

Pin to Dashboard

Verification

State: verified
Confidence: 0%

Vulnerability Timeline

CVE Published
Jul 7, 2026
Discovered by ZDM
Jul 7, 2026
Patch Available
Jul 8, 2026