/ 
DBI-1.643_01
⭐ Starred 84 / DBI::Gofer::Serializer::Base
Security Advisories (2)
CVE-2026-10879 (2026-06-05)

DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. Placeholders 10-99 require four characters, 100-999 require five characters, et cetera.

CVE-2026-9698 (2026-06-09)

DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer without a length limit. Attackers that can influence the error text in an application can trigger a buffer overflow.

NAME

DBI::Gofer::Serializer::Base - base class for Gofer serialization

SYNOPSIS

$serializer = $serializer_class->new();

$string = $serializer->serialize( $data );
($string, $deserializer_class) = $serializer->serialize( $data );

$data = $serializer->deserialize( $string );

DESCRIPTION

DBI::Gofer::Serializer::* classes implement a very minimal subset of the Data::Serializer API.

Gofer serializers are expected to be very fast and are not required to deal with anything other than non-blessed references to arrays and hashes, and plain scalars.