CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2006-10003

CVSS 9.8v3.1pub. 2026-03-19upd. 2026-06-30

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer. The bug can be observed when parsing an XML file with very deep element nesting

🤖 AI Analysis
How it works

The bug occurs in the serialization stack structure (st_serial_stack). When the stack pointer (stackptr) reaches a value equal to (stacksize - 1), the mechanism does not expand the buffer, then increments the pointer and writes a new value at address (stackptr == stacksize), which exceeds by one element the allocated heap memory area. This condition is reached when parsing an XML document with exceptionally deeply nested elements, which an attacker can trigger by providing an appropriately crafted XML file.

Impact

An attacker can overwrite adjacent heap memory areas, which in practice can lead to arbitrary code execution (RCE), data disclosure, or process destabilization (application crash).

Mitigation & patch

The XML::Parser library should be updated to a version containing the fix indicated in the vendor references (commit 3eb9cc95420fa0c3f76947c4708962546bf27cfd in the cpan-authors/XML-Parser repository). Debian distribution users should install the update package announced by Debian LTS in accordance with the debian-lts-announce notice from April 2026.

Who is affected

XML::Parser for Perl in versions up to and including 2.47 (Toddr XML::Parser).

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Toddr Xml\

    APP
    Toddr
    \
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Memory
CWE
References

Related vulnerabilities

CVE-2006-10002HIGH7.5ten sam produkt

XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size cause a heap corruptio...

CVE-2026-4177CRITICAL9.1PL ✓ten sam vendor

Heap buffer overflow i inne podatności w YAML::Syck dla Perl (do wersji 1.36)

CVE-2025-11683MEDIUM6.5ten sam vendor

YAML::Syck versions before 1.36 for Perl has missing null-terminators which causes out-of-bounds read and pote...