CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2006-10003

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer. The bug can be observed when parsing an XML file with very deep element nesting

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 4.7%

CVSS Severity

CVSS v3 Score 9.8

References

https://github.com/cpan-authors/XML-Parser/commit/3eb9cc95420fa0c3f76947c4708962546bf27cfd.patch
https://github.com/cpan-authors/XML-Parser/issues/39
https://rt.cpan.org/Ticket/Display.html?id=19860
http://www.openwall.com/lists/oss-security/2026/03/19/2

Products affected by CVE-2006-10003

Toddr » Xml: » Version: Any

cpe:2.3:a:toddr:xml:

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2006-10003

Products

Pricing

Contact Us