CVE Catalog

CVE-2026-9698

CriticalCVSS 9.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.38%

29th percentile — higher than 29% of all known CVEs

Summary

A vulnerability in the DBI library for Perl before version 1.648 causes a buffer overflow when saving error messages. The issue occurs when RaiseError, PrintError, or HandleError options are enabled, and an attacker can influence the error text.

Risk Assessment

An attacker can exploit this buffer overflow to cause application crashes or potentially execute arbitrary code in the context of the process.

Recommendation

Immediately update the DBI library to version 1.648 or later, which includes a fix that limits the length of saved error messages.

Original NVD description (English source)

DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer without a length limit. Attackers that can influence the error text in an application can trigger a buffer overflow.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS