/ 
DBI-1.643_02
⭐ Starred 84 / DBD::Gofer::Policy::rush
Security Advisories (2)
CVE-2026-10879 (2026-06-05)

DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. Placeholders 10-99 require four characters, 100-999 require five characters, et cetera.

CVE-2026-9698 (2026-06-09)

DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer without a length limit. Attackers that can influence the error text in an application can trigger a buffer overflow.

NAME

DBD::Gofer::Policy::rush - The 'rush' policy for DBD::Gofer

SYNOPSIS

$dbh = DBI->connect("dbi:Gofer:transport=...;policy=rush", ...)

DESCRIPTION

The rush policy tries to make as few round-trips as possible. It's the opposite end of the policy spectrum to the pedantic policy.

Temporary docs: See the source code for list of policies and their defaults.

In a future version the policies and their defaults will be defined in the pod and parsed out at load-time.

AUTHOR

Tim Bunce, http://www.tim.bunce.name

LICENCE AND COPYRIGHT

Copyright (c) 2007, Tim Bunce, Ireland. All rights reserved.

This module is free software; you can redistribute it and/or modify it under the same terms as Perl itself. See perlartistic.