{"id":"OESA-2026-2684","summary":"perl-DBI security update","details":"The DBI is the standard database interface module for Perl. It defines a set of methods, variables and conventions that provide a consistent database interface independent of the actual database being used. It is important to remember that the DBI is just an interface. The DBI is a layer of &amp;quot;glue&amp;quot; between an application and one or more database driver modules. It is the driver modules which do most of the real work. The DBI provides a standard interface and framework for the drivers to operate within.\r\n\r\nSecurity Fix(es):\n\nDBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders.\n\nThe preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer.  Placeholders 10-99 require four characters, 100-999 require five characters, et cetera.(CVE-2026-10879)\n\nDBI versions before 1.648 for Perl saved errors in a limited-sized buffer.\n\nError messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer without a length limit.\n\nAttackers that can influence the error text in an application can trigger a buffer overflow.(CVE-2026-9698)","modified":"2026-06-12T12:45:12.140312309Z","published":"2026-06-12T12:28:51Z","upstream":["CVE-2026-10879","CVE-2026-9698"],"database_specific":{"severity":"Critical"},"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2684"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-10879"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-9698"}],"affected":[{"package":{"name":"perl-DBI","ecosystem":"openEuler:20.03-LTS-SP4","purl":"pkg:rpm/openEuler/perl-DBI&distro=openEuler-20.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.643-4.oe2003sp4"}]}],"ecosystem_specific":{"src":["perl-DBI-1.643-4.oe2003sp4.src.rpm"],"noarch":["perl-DBI-help-1.643-4.oe2003sp4.noarch.rpm"],"aarch64":["perl-DBI-1.643-4.oe2003sp4.aarch64.rpm","perl-DBI-debuginfo-1.643-4.oe2003sp4.aarch64.rpm","perl-DBI-debugsource-1.643-4.oe2003sp4.aarch64.rpm"],"x86_64":["perl-DBI-1.643-4.oe2003sp4.x86_64.rpm","perl-DBI-debuginfo-1.643-4.oe2003sp4.x86_64.rpm","perl-DBI-debugsource-1.643-4.oe2003sp4.x86_64.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2026-2684.json"}},{"package":{"name":"perl-DBI","ecosystem":"openEuler:22.03-LTS-SP4","purl":"pkg:rpm/openEuler/perl-DBI&distro=openEuler-22.03-LTS-SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.643-5.oe2203sp4"}]}],"ecosystem_specific":{"noarch":["perl-DBI-help-1.643-5.oe2203sp4.noarch.rpm"],"aarch64":["perl-DBI-1.643-5.oe2203sp4.aarch64.rpm","perl-DBI-debuginfo-1.643-5.oe2203sp4.aarch64.rpm","perl-DBI-debugsource-1.643-5.oe2203sp4.aarch64.rpm"],"src":["perl-DBI-1.643-5.oe2203sp4.src.rpm"],"x86_64":["perl-DBI-1.643-5.oe2203sp4.x86_64.rpm","perl-DBI-debuginfo-1.643-5.oe2203sp4.x86_64.rpm","perl-DBI-debugsource-1.643-5.oe2203sp4.x86_64.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2026-2684.json"}},{"package":{"name":"perl-DBI","ecosystem":"openEuler:24.03-LTS-SP1","purl":"pkg:rpm/openEuler/perl-DBI&distro=openEuler-24.03-LTS-SP1"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.643-5.oe2403sp1"}]}],"ecosystem_specific":{"src":["perl-DBI-1.643-5.oe2403sp1.src.rpm"],"noarch":["perl-DBI-help-1.643-5.oe2403sp1.noarch.rpm"],"aarch64":["perl-DBI-1.643-5.oe2403sp1.aarch64.rpm","perl-DBI-debuginfo-1.643-5.oe2403sp1.aarch64.rpm","perl-DBI-debugsource-1.643-5.oe2403sp1.aarch64.rpm"],"x86_64":["perl-DBI-1.643-5.oe2403sp1.x86_64.rpm","perl-DBI-debuginfo-1.643-5.oe2403sp1.x86_64.rpm","perl-DBI-debugsource-1.643-5.oe2403sp1.x86_64.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2026-2684.json"}},{"package":{"name":"perl-DBI","ecosystem":"openEuler:24.03-LTS-SP3","purl":"pkg:rpm/openEuler/perl-DBI&distro=openEuler-24.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.643-5.oe2403sp3"}]}],"ecosystem_specific":{"src":["perl-DBI-1.643-5.oe2403sp3.src.rpm"],"noarch":["perl-DBI-help-1.643-5.oe2403sp3.noarch.rpm"],"aarch64":["perl-DBI-1.643-5.oe2403sp3.aarch64.rpm","perl-DBI-debuginfo-1.643-5.oe2403sp3.aarch64.rpm","perl-DBI-debugsource-1.643-5.oe2403sp3.aarch64.rpm"],"x86_64":["perl-DBI-1.643-5.oe2403sp3.x86_64.rpm","perl-DBI-debuginfo-1.643-5.oe2403sp3.x86_64.rpm","perl-DBI-debugsource-1.643-5.oe2403sp3.x86_64.rpm"]},"database_specific":{"source":"https://repo.openeuler.org/security/data/osv/OESA-2026-2684.json"}}],"schema_version":"1.7.5"}