CVE-2006-10003
XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack.
In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer.
The bug can be observed when parsing an XML file with very deep element nesting
In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer.
The bug can be observed when parsing an XML file with very deep element nesting
Vendor
Product
CWE
Yayın Tarihi
2026-03-19 12:16:17
Güncelleme
2026-04-04 09:16:18
Source Identifier
9b29abf9-4ab0-4765-b253-1875cd9b441e
KEV Date Added
-
Kategoriler
Referanslar
https://github.com/cpan-authors/XML-Parser/commit/3eb9cc95420fa0c3f76947c4708962546bf27cfd.patch
https://github.com/cpan-authors/XML-Parser/issues/39
https://rt.cpan.org/Ticket/Display.html?id=19860
http://www.openwall.com/lists/oss-security/2026/03/19/2
https://lists.debian.org/debian-lts-announce/2026/04/msg00002.html