CVE-2006-10002

Published: Mar 19, 2026 Last Modified: Mar 19, 2026
ExploitDB:
Other exploit source:
Google Dorks:

Description

AI Translation Available

XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes.

A :utf8 PerlIO layer, parse_stream() in Expat.xs could overflow the XML input buffer because Perl's read() returns decoded characters while SvPV() gives back multi-byte UTF-8 bytes that can exceed the pre-allocated buffer size. This can cause heap corruption (double free or corruption) and crashes.

122

Heap-based Buffer Overflow

Draft
Abstraction: Variant Structure: Simple
Common Consequences
Security Scopes Affected:
Availability Integrity Confidentiality Access Control Other
Potential Impacts:
Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Execute Unauthorized Code Or Commands Bypass Protection Mechanism Modify Memory Other
Applicable Platforms
Languages: C, C++, Memory-Unsafe
Likelihood of Exploit: High
View CWE Details
176

Improper Handling of Unicode Encoding

Draft
Abstraction: Variant Structure: Simple
Common Consequences
Security Scopes Affected:
Integrity
Potential Impacts:
Unexpected State
Applicable Platforms
All platforms may be affected
View CWE Details
https://github.com/cpan-authors/XML-Parser/commit/6b291f4d2…
https://github.com/cpan-authors/XML-Parser/commit/6b291f4d260fc124a6ec80382b87a…
https://github.com/cpan-authors/XML-Parser/issues/64
https://github.com/cpan-authors/XML-Parser/issues/64
https://rt.cpan.org/Ticket/Display.html?id=19859
https://rt.cpan.org/Ticket/Display.html?id=19859