Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for DBI::ProfileData by HMBRAND

    CVE-2026-60081 (GCVE-0-2026-60081)

    Vulnerability from nvd – Published: 2026-07-14 15:34 – Updated: 2026-07-15 14:03
    VLAI
    Title
    DBI::ProfileData versions before 1.651 for Perl do not limit the path index
    Summary
    DBI::ProfileData versions before 1.651 for Perl do not limit the path index. The path index column of profile dump files is used to allocate an array of data for the parser. An unbounded value allows an attacker to specify a large index and consume available memory.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    HMBRAND DBI::ProfileData Affected: 0 , < 1.651 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-07-14T18:23:07.627Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/07/14/14"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-60081",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T14:02:46.639739Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T14:03:34.263Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "DBI",
              "product": "DBI::ProfileData",
              "programFiles": [
                "lib/DBI/ProfileData.pm"
              ],
              "programRoutines": [
                {
                  "name": "DBI::ProfileData::_read_body"
                }
              ],
              "repo": "https://github.com/perl5-dbi/dbi",
              "vendor": "HMBRAND",
              "versions": [
                {
                  "lessThan": "1.651",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DBI::ProfileData versions before 1.651 for Perl do not limit the path index.\n\nThe path index column of profile dump files is used to allocate an array of data for the parser. An unbounded value allows an attacker to specify a large index and consume available memory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:34:35.483Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/perl5-dbi/dbi/security/advisories/GHSA-ww49-w4mv-jrr4"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/HMBRAND/DBI-1.651/changes"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/perl5-dbi/dbi/commit/6764e755e83ee1ebb1b40760e5b53eb50960bd7a.patch"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 1.651 or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "DBI::ProfileData versions before 1.651 for Perl do not limit the path index",
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-60081",
        "datePublished": "2026-07-14T15:34:35.483Z",
        "dateReserved": "2026-07-08T11:45:04.838Z",
        "dateUpdated": "2026-07-15T14:03:34.263Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2026-60081 (GCVE-0-2026-60081)

    Vulnerability from cvelistv5 – Published: 2026-07-14 15:34 – Updated: 2026-07-15 14:03
    VLAI
    Title
    DBI::ProfileData versions before 1.651 for Perl do not limit the path index
    Summary
    DBI::ProfileData versions before 1.651 for Perl do not limit the path index. The path index column of profile dump files is used to allocate an array of data for the parser. An unbounded value allows an attacker to specify a large index and consume available memory.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-770 - Allocation of Resources Without Limits or Throttling
    Assigner
    Impacted products
    Vendor Product Version
    HMBRAND DBI::ProfileData Affected: 0 , < 1.651 (custom)
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-07-14T18:23:07.627Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "url": "http://www.openwall.com/lists/oss-security/2026/07/14/14"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "HIGH",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "NONE",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2026-60081",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2026-07-15T14:02:46.639739Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2026-07-15T14:03:34.263Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://cpan.org/modules",
              "defaultStatus": "unaffected",
              "packageName": "DBI",
              "product": "DBI::ProfileData",
              "programFiles": [
                "lib/DBI/ProfileData.pm"
              ],
              "programRoutines": [
                {
                  "name": "DBI::ProfileData::_read_body"
                }
              ],
              "repo": "https://github.com/perl5-dbi/dbi",
              "vendor": "HMBRAND",
              "versions": [
                {
                  "lessThan": "1.651",
                  "status": "affected",
                  "version": "0",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "DBI::ProfileData versions before 1.651 for Perl do not limit the path index.\n\nThe path index column of profile dump files is used to allocate an array of data for the parser. An unbounded value allows an attacker to specify a large index and consume available memory."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-770",
                  "description": "CWE-770 Allocation of Resources Without Limits or Throttling",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-14T15:34:35.483Z",
            "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
            "shortName": "CPANSec"
          },
          "references": [
            {
              "tags": [
                "vendor-advisory"
              ],
              "url": "https://github.com/perl5-dbi/dbi/security/advisories/GHSA-ww49-w4mv-jrr4"
            },
            {
              "tags": [
                "release-notes"
              ],
              "url": "https://metacpan.org/release/HMBRAND/DBI-1.651/changes"
            },
            {
              "tags": [
                "patch"
              ],
              "url": "https://github.com/perl5-dbi/dbi/commit/6764e755e83ee1ebb1b40760e5b53eb50960bd7a.patch"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade to version 1.651 or later."
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "DBI::ProfileData versions before 1.651 for Perl do not limit the path index",
          "x_generator": {
            "engine": "cpansec-cna-tool 0.1"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "assignerShortName": "CPANSec",
        "cveId": "CVE-2026-60081",
        "datePublished": "2026-07-14T15:34:35.483Z",
        "dateReserved": "2026-07-08T11:45:04.838Z",
        "dateUpdated": "2026-07-15T14:03:34.263Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }