CVE-2006-10003

Published: Mar 19, 2026 Last Modified: Mar 19, 2026
ExploitDB:
Other exploit source:
Google Dorks:

Description

AI Translation Available

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack.

In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer.

The bug can be observed when parsing an XML file with very deep element nesting

122

Heap-based Buffer Overflow

Draft
Abstraction: Variant Structure: Simple
Common Consequences
Security Scopes Affected:
Availability Integrity Confidentiality Access Control Other
Potential Impacts:
Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Execute Unauthorized Code Or Commands Bypass Protection Mechanism Modify Memory Other
Applicable Platforms
Languages: C, C++, Memory-Unsafe
Likelihood of Exploit: High
View CWE Details
193

Off-by-one Error

Draft
Abstraction: Base Structure: Simple
Common Consequences
Security Scopes Affected:
Availability Integrity Confidentiality Access Control
Potential Impacts:
Dos: Crash, Exit, Or Restart Dos: Resource Consumption (Cpu) Dos: Resource Consumption (Memory) Dos: Instability Modify Memory Execute Unauthorized Code Or Commands Bypass Protection Mechanism
Applicable Platforms
Languages: C, Not Language-Specific
View CWE Details
https://github.com/cpan-authors/XML-Parser/commit/3eb9cc954…
https://github.com/cpan-authors/XML-Parser/commit/3eb9cc95420fa0c3f76947c470896…
https://github.com/cpan-authors/XML-Parser/issues/39
https://github.com/cpan-authors/XML-Parser/issues/39
https://rt.cpan.org/Ticket/Display.html?id=19860
https://rt.cpan.org/Ticket/Display.html?id=19860