Heap Buffer Overflow in XML::Parser Affects Perl Applications
CVE-2006-10003

9.8 CRITICAL

Key Information:

Vendor: Toddr
CVE Published: 19 March 2026

What is CVE-2006-10003?

XML::Parser for Perl, in versions up to 2.47, has a heap buffer overflow that can be triggered when parsing XML files with deeply nested elements. The cause is an off-by-one error in the st_serial_stack function: the stack pointer is advanced without sufficient buffer space having been allocated, potentially leading to unauthorized access or application crashes.
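A minimal model of the kind of off-by-one described above, added here as an illustration; it is not XML::Parser's source. The struct, the function names and the exact growth check are assumptions, and the buggy push records the out-of-bounds index instead of writing to it.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed model of a growable per-element stack; all names are hypothetical. */
typedef struct {
    unsigned *data;
    size_t size;  /* allocated slots */
    size_t ptr;   /* index of the current top slot */
    int oob;      /* set when a push would write outside data[0..size-1] */
} serial_stack;

static int grow(serial_stack *s) {
    unsigned *n = realloc(s->data, s->size * 2 * sizeof *n);
    if (n == NULL) return 0;
    s->data = n;
    s->size *= 2;
    return 1;
}

/* Off-by-one: at ptr == size - 1 the check passes without growing, then ++ptr == size. */
static void push_buggy(serial_stack *s, unsigned v) {
    if (s->ptr >= s->size && !grow(s)) return;
    size_t idx = ++s->ptr;
    if (idx >= s->size) { s->oob = 1; return; }  /* record it instead of corrupting the heap */
    s->data[idx] = v;
}

/* Corrected: make room for the slot that ++ptr is about to use. */
static void push_fixed(serial_stack *s, unsigned v) {
    if (s->ptr + 1 >= s->size && !grow(s)) return;
    s->data[++s->ptr] = v;
}

/* Simulate `depth` nested start tags; returns 1 if any push was out of bounds, -1 on alloc failure. */
int overflows_at_depth(int fixed, size_t initial, size_t depth) {
    serial_stack s = { calloc(initial, sizeof(unsigned)), initial, 0, 0 };
    if (s.data == NULL) return -1;
    for (size_t i = 0; i < depth && !s.oob; i++) {
        if (fixed) push_fixed(&s, (unsigned)i);
        else push_buggy(&s, (unsigned)i);
    }
    free(s.data);
    return s.oob;
}

int main(void) {
    printf("buggy, depth 4: %d\n", overflows_at_depth(0, 4, 4));
    printf("fixed, depth 100000: %d\n", overflows_at_depth(1, 4, 100000));
    return 0;
}
```

In this model the buggy variant stays in bounds only while the nesting depth is below the initial allocation; the corrected check grows the buffer one push earlier.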

Affected Version(s)

XML::Parser 0 <= 2.47

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved