CRITICAL🇵🇱 Wersja polska

CVE-2026-3257

CVSS 9.8v3.1pub. 2026-03-05upd. 2026-03-09

UnQLite versions through 0.06 for Perl uses a potentially insecure version of the UnQLite library. UnQLite for Perl embeds the UnQLite library. Version 0.06 and earlier of the Perl module uses a version of the library from 2014 that may be vulnerable to a heap-based overflow.

🤖 AI Analysis
How it works

The Perl UnQLite module does not use a system installation of the UnQLite library, but instead includes a copy directly in the package. The embedded version of the library is from 2014 and may contain a heap-based buffer overflow error. An attacker could potentially provide crafted input data that triggers an improper heap memory operation, leading to corruption of its contents.

Impact

Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code remotely (RCE), and may also lead to breaches of confidentiality, integrity, and availability of the system — in accordance with the CVSS vector (C:H/I:H/A:H).

Mitigation & patch

Update the Perl UnQLite module to version 0.07 or later, which contains an updated version of the UnQLite library. Information about the change is available in the Changes file for version 0.07 on MetaCPAN.

Who is affected

Perl UnQLite module (Tokuhirom/UnQLite) in version 0.06 and earlier

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Tokuhirom Unqlite

    APP
    Tokuhirom
    < 0.07
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2025-15604CRITICAL9.8PL ✓ten sam vendor

Amon2 dla Perl — słabe generowanie losowości w funkcjach bezpieczeństwa

CVE-2026-5082MEDIUM5.3ten sam vendor

Amon2::Plugin::Web::CSRFDefender versions from 7.00 through 7.03 for Perl generate an insecure session id. Th...

CVE-2018-25160MEDIUM6.5ten sam vendor

HTTP::Session2 versions through 1.09 for Perl does not validate the format of user provided session ids, enabl...

CVE-2026-3255MEDIUM6.5ten sam vendor

HTTP::Session2 versions before 1.12 for Perl for Perl may generate weak session ids using the rand() function....