← Volver a CVEs
CVE-2006-10003
CRITICAL9.8
Descripcion
XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer. The bug can be observed when parsing an XML file with very deep element nesting
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado3/19/2026
Ultima modificacion4/4/2026
Fuentenvd
Avistamientos honeypot0
Productos afectados
toddr:xml\
Debilidades (CWE)
CWE-122CWE-193
Referencias
https://github.com/cpan-authors/XML-Parser/commit/3eb9cc95420fa0c3f76947c4708962546bf27cfd.patch(9b29abf9-4ab0-4765-b253-1875cd9b441e)
https://github.com/cpan-authors/XML-Parser/issues/39(9b29abf9-4ab0-4765-b253-1875cd9b441e)
https://rt.cpan.org/Ticket/Display.html?id=19860(9b29abf9-4ab0-4765-b253-1875cd9b441e)
http://www.openwall.com/lists/oss-security/2026/03/19/2(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2026/04/msg00002.html(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.