/ 
DBI-1.644
⭐ Starred 84 / Bundle::DBI
Security Advisories (2)
CVE-2026-10879 (2026-06-05)

DBI versions before 1.648 for Perl have a heap overflow when preparsing SQL statements with more than 9 binders. The preparse method expands SQL placeholder characters to numbered binders of the form :pN, but only allocates three characters per binder in the buffer. Placeholders 10-99 require four characters, 100-999 require five characters, et cetera.

CVE-2026-9698 (2026-06-09)

DBI versions before 1.648 for Perl saved errors in a limited-sized buffer. Error messages that were returned when RaiseError, PrintError or HandleError were set were written to a 200-byte buffer without a length limit. Attackers that can influence the error text in an application can trigger a buffer overflow.

NAME

Bundle::DBI - A bundle to install DBI and required modules.

SYNOPSIS

perl -MCPAN -e 'install Bundle::DBI'

CONTENTS

DBI - for to get to know thyself

DBI::Shell 11.91 - the DBI command line shell

Storable 2.06 - for DBD::Proxy, DBI::ProxyServer, DBD::Forward

Net::Daemon 0.37 - for DBD::Proxy and DBI::ProxyServer

RPC::PlServer 0.2016 - for DBD::Proxy and DBI::ProxyServer

DBD::Multiplex 1.19 - treat multiple db handles as one

DESCRIPTION

This bundle includes all the modules used by the Perl Database Interface (DBI) module, created by Tim Bunce.

A Bundle is a module that simply defines a collection of other modules. It is used by the CPAN module to automate the fetching, building and installing of modules from the CPAN ftp archive sites.

This bundle does not deal with the various database drivers (e.g. DBD::Informix, DBD::Oracle etc), most of which require software from sources other than CPAN. You'll need to fetch and build those drivers yourself.

AUTHORS

Jonathan Leffler, Jochen Wiedmann and Tim Bunce.