Description
DBI::ProfileData versions before 1.651 for Perl do not limit the path index.
The path index column of profile dump files is used to allocate an array of data for the parser. An unbounded value allows an attacker to specify a large index and consume available memory.
The path index column of profile dump files is used to allocate an array of data for the parser. An unbounded value allows an attacker to specify a large index and consume available memory.
Analysis and contextual insights are available on OpenCVE Cloud.
Remediation
Vendor Solution
Upgrade to version 1.651 or later.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Wed, 15 Jul 2026 14:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
cvssV3_1
|
Tue, 14 Jul 2026 15:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | DBI::ProfileData versions before 1.651 for Perl do not limit the path index. The path index column of profile dump files is used to allocate an array of data for the parser. An unbounded value allows an attacker to specify a large index and consume available memory. | |
| Title | DBI::ProfileData versions before 1.651 for Perl do not limit the path index | |
| Weaknesses | CWE-770 | |
| References |
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: CPANSec
Published:
Updated: 2026-07-15T14:03:34.263Z
Reserved: 2026-07-08T11:45:04.838Z
Link: CVE-2026-60081
Updated: 2026-07-14T18:23:07.627Z
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses