Description
XML::Parser versions through 2.47 for Perl have an off-by-one heap buffer overflow in st_serial_stack.

In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer.

The bug can be observed when parsing an XML file with very deep element nesting.
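To make the off-by-one concrete, the following is an added C model of the push-with-growth pattern the description gives; it is not XML::Parser's own code, and the names serial_stack, push and first_overflow_depth are assumptions. Rather than performing the out-of-bounds write, the model reports the nesting depth at which the buggy growth check would first write at index stacksize, and shows the corrected check beside it.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model of the stack described in the advisory: a heap buffer
 * of `stacksize` slots; `stackptr` indexes the current top (-1 when empty). */
typedef struct { int *items; int stacksize; int stackptr; } serial_stack;

/* Push one value. `fixed` selects the growth check: the buggy one grows only
 * once stackptr has already reached stacksize (one push too late); the fixed
 * one grows whenever the slot about to be written is out of range. */
static int push(serial_stack *s, int v, int fixed) {
    int needs_grow = fixed ? (s->stackptr + 1 >= s->stacksize)
                           : (s->stackptr >= s->stacksize);
    if (needs_grow) {
        int newsize = s->stacksize * 2;
        int *p = realloc(s->items, sizeof(int) * (size_t)newsize);
        if (!p) return 0;
        s->items = p;
        s->stacksize = newsize;
    }
    ++s->stackptr;
    if (s->stackptr >= s->stacksize) {
        /* This is the write at index == stacksize (CWE-193): report it. */
        --s->stackptr;
        return 0;
    }
    s->items[s->stackptr] = v;
    return 1;
}

/* Simulate `depth` nested start tags on a stack of `initial` slots. Returns
 * the nesting depth at which the first out-of-bounds write would occur, or 0
 * if every push stayed inside the buffer. */
int first_overflow_depth(int initial, int depth, int fixed) {
    serial_stack s = { malloc(sizeof(int) * (size_t)initial), initial, -1 };
    int bad = 0;
    for (int d = 1; d <= depth && s.items; d++) {
        if (!push(&s, d, fixed)) { bad = d; break; }
    }
    free(s.items);
    return bad;
}

int main(void) {
    printf("buggy check, 4 initial slots: overflow at depth %d\n",
           first_overflow_depth(4, 100, 0));   /* prints 5 */
    printf("fixed check, 4 initial slots: overflow at depth %d\n",
           first_overflow_depth(4, 100, 1));   /* prints 0 */
    return 0;
}
```

With the buggy check the first out-of-bounds write always lands at depth initial + 1, which is why only a document nested deeper than the initial allocation triggers it.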
Published: 2026-03-19
Score: 9.8 Critical
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution
Action: Apply Patch
AI Analysis

Impact

The vulnerability is an off-by-one heap buffer overflow in the st_serial_stack routine of XML::Parser versions through 2.47 for Perl. When an XML document has very deep element nesting, the parser fails to expand the stack at the point where stackptr equals stacksize - 1, causing a write to the location immediately beyond the allocated buffer. This memory corruption can allow a malicious attacker to overwrite critical data and achieve arbitrary code execution, as identified by CWE-122 and CWE-193.

Affected Systems

Affected products are provided by the vendor TODDR: XML::Parser for Perl. All versions prior to 2.48, including 2.47, are vulnerable. The issue affects the Perl module implementation of the XML::Parser library.

Risk and Exploitability

The CVSS base score is 9.8, indicating a critical severity. The EPSS score is below 1%, suggesting a low current exploitation probability. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is the parsing of a malicious XML file with deep nesting, which requires the attacker to supply such a file to the vulnerable parser. Given the high severity but low exploitation likelihood, immediate patching is recommended.

Generated by OpenCVE AI on March 19, 2026 at 19:20 UTC.

Remediation

Vendor Solution

Apply the patch that has been publicly available since 2006-06-13 or upgrade to version 2.48 or later when it is released.


Vendor Workaround

Apply the patch that has been publicly available since 2006-06-13.


OpenCVE Recommended Actions

  • Apply the public patch that has been available since 2006-06-13
  • Upgrade XML::Parser to version 2.48 or later when released



Advisories
Source      ID          Title
Debian DLA  DLA-4522-1  libxml-parser-perl security update
Debian DSA  DSA-6182-1  libxml-parser-perl security update
Ubuntu USN  USN-8174-1  XML::Parser vulnerabilities
History

Sat, 04 Apr 2026 10:00:00 +0000

Type Values Removed Values Added
References

Fri, 20 Mar 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Toddr xml::parser
Vendors & Products Toddr xml::parser

Fri, 20 Mar 2026 00:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Important


Thu, 19 Mar 2026 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Toddr
Toddr xml::parser
CPEs cpe:2.3:a:toddr:xml\:\:parser:*:*:*:*:*:perl:*:*
Vendors & Products Toddr
Toddr xml::parser

Thu, 19 Mar 2026 18:30:00 +0000

Type Values Removed Values Added
References

Thu, 19 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 19 Mar 2026 11:30:00 +0000

Type Values Removed Values Added
Description XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer. The bug can be observed when parsing an XML file with very deep element nesting
Title XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack
Weaknesses CWE-122
CWE-193
References

MITRE

Status: PUBLISHED

Assigner: CPANSec

Published:

Updated: 2026-04-04T08:11:42.558Z

Reserved: 2026-03-16T22:52:39.890Z

Link: CVE-2006-10003

Vulnrichment

Updated: 2026-04-04T08:11:42.558Z

NVD

Status : Modified

Published: 2026-03-19T12:16:17.047

Modified: 2026-04-04T09:16:18.710

Link: CVE-2006-10003

Redhat

Severity : Important

Public Date: 2026-03-19T11:08:04Z

Links: CVE-2006-10003 - Bugzilla

OpenCVE Enrichment

Updated: 2026-03-20T14:15:06Z

Weaknesses