QwikSec

Security Database

CVE

CWE

Training

CVE-2006-10003

Published: Mar 19, 2026

Modified: Apr 4, 2026

PUBLISHED

Description

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer. The bug can be observed when parsing an XML file with very deep element nesting

Vendor	Product	Versions
TODDR	XML::Parser	affected `0 - <= 2.47`

Weaknesses (CWE)

References

https://rt.cpan.org/Ticket/Display.html?id=19860

issue-tracking

https://github.com/cpan-authors/XML-Parser/issues/39

issue-tracking

https://github.com/cpan-authors/XML-Parser/commit/3eb9cc95420fa0c3f76947c4708962546bf27cfd.patch

patch

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.