CVE-2026-60081

Source
https://cve.org/CVERecord?id=CVE-2026-60081
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-60081.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-60081
Aliases
  • GHSA-ww49-w4mv-jrr4
Downstream
Published
2026-07-14T15:34:35.483Z
Modified
2026-07-17T03:41:39.678540053Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
DBI::ProfileData versions before 1.651 for Perl do not limit the path index
Details

DBI::ProfileData versions before 1.651 for Perl do not limit the path index.

The path index column of profile dump files is used to allocate an array of data for the parser. An unbounded value allows an attacker to specify a large index and consume available memory.

Database specific
{
    "cwe_ids": [
        "CWE-770"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/60xxx/CVE-2026-60081.json",
    "cna_assigner": "CPANSec",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "fixed": "1.651"
                }
            ],
            "source": "AFFECTED_FIELD"
        },
        {
            "extracted_events": [
                {
                    "fixed": "1.651"
                }
            ],
            "source": "DESCRIPTION"
        }
    ]
}
References

Affected packages

Git / github.com/perl5-dbi/dbi

Affected ranges

Type
GIT
Repo
https://github.com/perl5-dbi/dbi
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "REFERENCES"
}

Affected versions

1.*
1.602
1.607
1.611_90
1.611_91
1.611_92
1.611_93
1.611_94
1.613_70
1.613_71
1.613_90
1.613_91
1.613_92
1.613_93
1.614_90
1.615
1.618
1.619
1.622
1.624
1.625
1.626
1.627
1.628
1.630
1.631
1.632
1.632_90
1.633
1.633_90
1.633_91
1.633_92
1.634
1.635
1.636
1.637
1.638
1.639
1.640
1.641
1.642
1.643
1.643_01
1.643_02
1.644
1.645
1.646
1.647
1.648
1.649
1.650
DBI-1.*
DBI-1.47
DBI-1.51
DBI-1.57
DBI-1.58

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-60081.json"