oss-sec mailing list archives

CVE-2026-3257: UnQLite versions through 0.06 for Perl use a potentially insecure version of the UnQLite library


From: Robert Rothenberg <rrwo () cpan org>
Date: Thu, 5 Mar 2026 09:05:07 +0000

========================================================================
CVE-2026-3257                                        CPAN Security Group
========================================================================

        CVE ID:  CVE-2026-3257
  Distribution:  UnQLite
      Versions:  through 0.06

      MetaCPAN:  https://metacpan.org/dist/UnQLite
      VCS Repo:  https://github.com/tokuhirom/UnQLite


UnQLite versions through 0.06 for Perl use a potentially insecure
version of the UnQLite library

Description
-----------
UnQLite versions through 0.06 for Perl use a potentially insecure
version of the UnQLite library.

UnQLite for Perl embeds the UnQLite library.  Versions 0.06 and earlier
of the Perl module use a version of the library from 2014 that may be
vulnerable to a heap-based overflow.

Problem types
-------------
- CWE-1395 Dependency on Vulnerable Third-Party Component

Workarounds
-----------
Upgrade to UnQLite for Perl version 0.07 or later.


Solutions
---------
UnQLite for Perl has been deprecated since version 0.06. Migrate to a
different solution.


References
----------
https://metacpan.org/release/TOKUHIROM/UnQLite-0.07/source/Changes
https://www.cve.org/CVERecord?id=CVE-2025-3791
https://unqlite.symisc.net/
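
Added example, not part of the advisory or of the UnQLite project: one way to find affected pins of the distribution in a dependency lockfile. It assumes the application locks its CPAN dependencies with Carton (cpanfile.snapshot); the function name and the sample snapshot are constructed for illustration.

```python
import re
from decimal import Decimal, InvalidOperation

DIST = "UnQLite"                # distribution named in the advisory
UPGRADE_TO = Decimal("0.07")    # advisory: affected "through 0.06", upgrade to 0.07 or later

# Distribution entries in a Carton snapshot sit at two-space indent: "  Name-Version"
DIST_LINE = re.compile(r"^  (?P<name>\S+)-v?(?P<ver>\d[\d._]*)\s*$")

def find_affected(snapshot_text):
    """Return [(line_no, version, status)] for every UnQLite entry.

    status is 'affected', 'ok', or 'unparsed' (needs a manual look)."""
    findings = []
    for line_no, line in enumerate(snapshot_text.splitlines(), 1):
        m = DIST_LINE.match(line)
        if not m or m.group("name") != DIST:
            continue
        raw = m.group("ver")
        try:
            # Perl decimal versions compare numerically, so 0.1 (= 0.10) > 0.07.
            # An underscore marks a developer release and is dropped before comparing.
            ver = Decimal(raw.replace("_", ""))
        except InvalidOperation:
            findings.append((line_no, raw, "unparsed"))
            continue
        findings.append((line_no, raw, "affected" if ver < UPGRADE_TO else "ok"))
    return findings

# Constructed sample snapshot (not taken from a real project)
SAMPLE = """\
# carton snapshot format: version 1.0
DISTRIBUTIONS
  Example-Dist-1.00
    pathname: E/EX/EXAMPLE/Example-Dist-1.00.tar.gz
    provides:
      Example::Dist 1.00
  UnQLite-0.06
    pathname: T/TO/TOKUHIROM/UnQLite-0.06.tar.gz
    provides:
      UnQLite 0.06
"""

if __name__ == "__main__":
    for line_no, version, status in find_affected(SAMPLE):
        print(f"cpanfile.snapshot:{line_no}: {DIST} {version} -> {status}")
```

A lockfile match only shows what a deployment would install; modules installed outside Carton need a separate check of the Perl library paths.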


