| Package | libdbi-perl |
|---|---|
| Version | 1.636-1+deb9u3 (stretch), 1.642-1+deb10u3 (buster) |
| Related CVEs | CVE-2026-9698 CVE-2026-10879 |
- CVE-2026-9698

  Error messages that were returned when `RaiseError`, `PrintError` or `HandleError` were set were written to a 200-byte buffer without a length limit. Attackers that can influence the error text in an application could therefore trigger a buffer overflow.

- CVE-2026-10879

  The `preparse()` method expands SQL placeholder characters within prepared statements to numbered binders of the form `:pN`, but only allocated three characters per binder in the buffer, leading to an out-of-bounds write when the statement had 10 or more binders.

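
The sizing error described for CVE-2026-10879, worked through as an added example (this is not DBI's code, and the function names are hypothetical). It assumes binders are numbered from 1 and treats every `?` as a placeholder, ignoring quoted literals and comments; it compares a three-characters-per-binder budget with the exact length and shows a bounded expansion that refuses to write past the buffer.

```c
#include <stdio.h>
#include <string.h>
/* Added illustration; all function names are hypothetical, not DBI's. */
/* Characters needed for binder number n: ":p" plus its decimal digits. */
static size_t binder_len(unsigned n) {
    size_t len = 2;
    do { len++; n /= 10; } while (n > 0);
    return len;
}

/* Length budget when every binder is assumed to fit in three characters. */
size_t three_char_budget(const char *stmt) {
    size_t len = 0;
    for (; *stmt; stmt++) len += (*stmt == '?') ? 3 : 1;
    return len;
}

/* Exact expanded length; binders are numbered from 1 (assumption). */
size_t exact_len(const char *stmt) {
    size_t len = 0; unsigned n = 0;
    for (; *stmt; stmt++) len += (*stmt == '?') ? binder_len(++n) : 1;
    return len;
}

/* Bounded expansion: returns the length written, or -1 if out is too small. */
long expand_binders(const char *stmt, char *out, size_t outsz) {
    size_t used = 0; unsigned n = 0;
    for (; *stmt; stmt++) {
        if (*stmt == '?') {
            int w = snprintf(out + used, outsz - used, ":p%u", ++n);
            if (w < 0 || (size_t)w >= outsz - used) return -1; /* truncated */
            used += (size_t)w;
        } else {
            if (used + 1 >= outsz) return -1; /* keep room for the NUL */
            out[used++] = *stmt;
        }
    }
    if (used >= outsz) return -1;
    out[used] = '\0';
    return (long)used;
}

int main(void) {
    const char *stmt = "?,?,?,?,?,?,?,?,?,?"; /* constructed: 10 binders */
    char buf[128];
    printf("budget=%zu exact=%zu\n", three_char_budget(stmt), exact_len(stmt));
    printf("bounded copy into budget-sized buffer: %ld\n",
           expand_binders(stmt, buf, three_char_budget(stmt) + 1));
    return 0;
}
```

With nine binders the two lengths agree; the tenth binder, `:p10`, is the first to need a fourth character.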
For Debian 10 buster, these problems have been fixed in version 1.642-1+deb10u3.
For Debian 9 stretch, these problems have been fixed in version 1.636-1+deb9u3.
We recommend that you upgrade your libdbi-perl packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.