Description
XML::Bare versions through 0.53 for Perl will hang in an infinite loop when parsing malformed attributes.
The parserc_parse function never advances the attribute-parse state cursor on certain malformed attribute forms, looping forever.
Nameless attributes such as "<a ='c'>" or unbalanced quotes "<a b='''''''c'>" can trigger this condition.
The parserc_parse function never advances the attribute-parse state cursor on certain malformed attribute forms, looping forever.
Nameless attributes such as "<a ='c'>" or unbalanced quotes "<a b='''''''c'>" can trigger this condition.
Published:
2026-07-16
Score:
n/a
EPSS:
n/a
KEV:
No
Impact:
n/a
Action:
n/a
No analysis available yet.
Remediation
Vendor Workaround
Apply the patch.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Thu, 16 Jul 2026 16:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | XML::Bare versions through 0.53 for Perl will hang in an infinite loop when parsing malformed attributes. The parserc_parse function never advances the attribute-parse state cursor on certain malformed attribute forms, looping forever. Nameless attributes such as "<a ='c'>" or unbalanced quotes "<a b='''''''c'>" can trigger this condition. | |
| Title | XML::Bare versions through 0.53 for Perl will hang in an infinite loop when parsing malformed attributes | |
| Weaknesses | CWE-835 | |
| References |
|
Subscriptions
No data.
Status: PUBLISHED
Assigner: CPANSec
Published:
Updated: 2026-07-16T16:14:50.176Z
Reserved: 2026-06-26T08:38:33.750Z
Link: CVE-2026-13401
No data.
No data.
No data.
OpenCVE Enrichment
No data.
Weaknesses
-
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')