CVE-2026-14739

Public on 2026-07-07
Modified on 2026-07-10
Description
DBI versions before 1.650 for Perl have a heap overflow when preparsing SQL statements with an extreme number of placeholders.

The fix for CVE-2026-10879 did not allocate enough memory to handle approximately 1.2-million placeholders.

DBI version 1.650 sets a hard limit of 99,999 placeholders.
Severity
Important severity
Important
See what this means
CVSS v3 Base Score
7.3
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 2 - Core perl-DBI Pending Fix
Amazon Linux 2023 perl-DBI Pending Fix

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 7.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H