XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack

Description

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer. The bug can be observed when parsing an XML file with very deep element nesting

Affected Products

Vendor	Product	Versions
toddr	xml\	0

References

https://rt.cpan.org/Ticket/Display.html?id=19860(issue-tracking)
https://github.com/cpan-authors/XML-Parser/issues/39(issue-tracking)
https://github.com/cpan-authors/XML-Parser/commit/3eb9cc95420fa0c3f76947c4708962546bf27cfd.patch(patch)

Related News (1 articles)

Tier A

Microsoft MSRC3h ago

CVE-2006-10003 XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack

→ No new info (linked only)

CVSS 3.19.8 CRITICAL

VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA KEV❌ No

Actively exploited❌ No

Patch available

2.48

CWECWE-193, CWE-122

PublishedMar 19, 2026

Last enriched6d ago

Trending Score45

Source articles1

Independent1

Info Completeness9/14

Missing: epss, kev, exploit, iocs, mitre_attack

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack

Description

Affected Products

References

Related News (1 articles)

Community Vote

Related CVEs (2)

Pin to Dashboard

Verification

Vulnerability Timeline