CVE-2026-60081

high

Description

DBI::ProfileData versions before 1.651 for Perl do not limit the path index. The path index column of profile dump files is used to allocate an array of data for the parser. An unbounded value allows an attacker to specify a large index and consume available memory.

References

https://metacpan.org/release/HMBRAND/DBI-1.651/changes

https://github.com/perl5-dbi/dbi/security/advisories/GHSA-ww49-w4mv-jrr4

https://github.com/perl5-dbi/dbi/commit/6764e755e83ee1ebb1b40760e5b53eb50960bd7a.patch

Details

Source: Mitre, NVD

Published: 2026-07-14

Updated: 2026-07-14

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High