CVE-2026-60082
Publication date 14 July 2026
Last updated 16 July 2026
Ubuntu priority
Description
DBI versions before 1.651 for Perl do not enforce statement handle consistency with the row. When the statement handle had no fields but the source row was non-empty, the internal row-buffer helper would read from a negative array index. This could be triggered by a caller supplying inconsistent metadata and rows to the prepare method.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| libdbi-perl | 26.04 LTS resolute |
Needs evaluation
|
| 24.04 LTS noble |
Needs evaluation
|
|
| 22.04 LTS jammy |
Needs evaluation
|
|
| 20.04 LTS focal |
Needs evaluation
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
|
| 14.04 LTS trusty |
Needs evaluation
|
References
Other references
- https://www.cve.org/CVERecord?id=CVE-2026-60082
- https://lists.security.metacpan.org/cve-announce/msg/41813803/
- https://github.com/perl5-dbi/dbi/security/advisories/GHSA-rwhc-hhmv-cjvg
- https://github.com/perl5-dbi/dbi/commit/397868704291bbf0989b97e2c0661189890653e2.patch
- https://metacpan.org/release/HMBRAND/DBI-1.651/changes
- http://www.openwall.com/lists/oss-security/2026/07/14/13