CVE-2026-9698
9.8 CRITICALDBI versions before 1.648 for Perl saved errors in a limited-sized buffer
Published: 2026-06-09 · Last updated: 2026-06-09
Severity and scoring
- CVSS
- 9.8 CRITICAL
- Vector
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- CWE
- CWE-787
Affected products
| Vendor | Product |
|---|---|
| perl | dbi |
Description
DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer without a length limit. Attackers that can influence the error text in an application can trigger a buffer overflow.
Source: NVD
References
Related CVEs
Same vendor
- CVE-2026-8376 — Perl versions through 5.43.10 have a heap buffer overflow when compiling regular expressions with a repeated fixed string on 32-bit builds (9.8 CRITICAL)
Same CWE
- CVE-2026-45328 — ESF-IDF is the Espressif Internet of Things (IOT) Development Framework (9.3 CRITICAL)
- CVE-2026-44634 — SimpleBLE is a cross-platform library and bindings for Bluetooth Low Energy (BLE)
- CVE-2026-47911 — Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by an out-of-bounds write vulnerability that could result in ... (7.8 HIGH)
- CVE-2026-48306 — Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code... (7.8 HIGH)
- CVE-2026-48305 — Substance3D - Sampler versions 6.0.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code... (7.8 HIGH)