CVE-2006-10003
Severity: CRITICAL
Perl XML::Parser <=2.47 st_serial_stack - Off-by-One Heap Buffer Overflow
Title source: manual
Description
XML::Parser versions through 2.47 for Perl have an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize - 1), the stack is NOT expanded. The new value is then written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer. The bug can be observed when parsing an XML file with very deep element nesting.
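The boundary condition the description states, as an added example that models a serial-stack push and is not XML::Parser's own code: push_vulnerable keeps the check that skips growth when stackptr == stacksize - 1, push_fixed tests the slot about to be written instead, and a guard slot after the usable region makes the one-past-the-end write observable without undefined behaviour. The names serial_stack and nesting_overflows, the initial sizes and the doubling growth policy are assumptions.

```c
#include <stdlib.h>
/* Constructed model of a serial stack with the advisory's boundary bug; not
   XML::Parser's code. buf has stacksize usable slots plus one guard slot. */
typedef struct {
    unsigned *buf;   /* buf[0..stacksize-1] usable, buf[stacksize] is the guard slot */
    int stackptr;    /* index of the top element, -1 when empty */
    int stacksize;   /* number of usable slots */
} serial_stack;
static void stack_init(serial_stack *s, int size) {
    s->buf = malloc((size_t)(size + 1) * sizeof *s->buf);
    if (!s->buf) abort();
    s->stackptr = -1;
    s->stacksize = size;
}

static void stack_grow(serial_stack *s) {
    int newsize = s->stacksize * 2;
    unsigned *nb = realloc(s->buf, (size_t)(newsize + 1) * sizeof *nb);
    if (!nb) abort();
    s->buf = nb;
    s->stacksize = newsize;
}

/* Vulnerable push: compares the current top with stacksize, so at
   stackptr == stacksize - 1 no growth happens and ++stackptr indexes
   slot stacksize, one past the usable region. Returns 1 on such a write. */
static int push_vulnerable(serial_stack *s, unsigned v) {
    if (s->stackptr >= s->stacksize) stack_grow(s);   /* false at the boundary */
    s->buf[++s->stackptr] = v;                        /* lands in the guard slot */
    return s->stackptr >= s->stacksize;
}

/* Fixed push: checks the slot about to be written (stackptr + 1). */
static int push_fixed(serial_stack *s, unsigned v) {
    if (s->stackptr + 1 >= s->stacksize) stack_grow(s);
    s->buf[++s->stackptr] = v;
    return s->stackptr >= s->stacksize;               /* always 0 */
}
/* Push `depth` nested-element markers and count writes past the usable
   region; deep element nesting in a parsed document drives the stack this deep. */
int nesting_overflows(int depth, int initial_size, int use_fixed) {
    serial_stack s;
    int bad = 0;
    stack_init(&s, initial_size);
    for (int i = 0; i < depth; i++)
        bad += use_fixed ? push_fixed(&s, (unsigned)i) : push_vulnerable(&s, (unsigned)i);
    free(s.buf);
    return bad;
}
```

With an initial size of 4, the vulnerable push writes out of bounds once at depth 5 and again at depth 9 (each time the stack fills up), while the fixed push never does.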
References (5)
Mailing List, Patch, Third Party Advisory: http://www.openwall.com/lists/oss-security/2026/03/19/2
Issue Tracking: https://rt.cpan.org/Ticket/Display.html?id=19860
Issue Tracking: https://github.com/cpan-authors/XML-Parser/issues/39
Scores
CVSS v3: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 0.0051
EPSS Percentile: 39.3%
Attack Vector: NETWORK
CISA SSVC (Vulnrichment)
Exploitation: none
Automatable: yes
Technical Impact: total
Details
CWE: CWE-122, CWE-193
Status: published
Products (2)
TODDR/XML::Parser < 2.47
toddr/xml\ < 2.48
Published: Mar 19, 2026
Tracked Since: Mar 19, 2026