{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2006-10003", "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "state": "PUBLISHED", "assignerShortName": "CPANSec", "dateReserved": "2026-03-16T22:52:39.890Z", "datePublished": "2026-03-19T11:08:04.341Z", "dateUpdated": "2026-04-04T08:11:42.558Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://cpan.org/modules", "defaultStatus": "unaffected", "packageName": "XML-Parser", "product": "XML::Parser", "programFiles": ["Expat.xs"], "programRoutines": [{"name": "startElement"}], "repo": "http://github.com/toddr/XML-Parser", "vendor": "TODDR", "versions": [{"lessThanOrEqual": "2.47", "status": "affected", "version": "0", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack.\n\nIn the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer.\n\nThe bug can be observed when parsing an XML file with very deep element nesting"}], "problemTypes": [{"descriptions": [{"cweId": "CWE-193", "description": "CWE-193 Off-by-one Error", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "shortName": "CPANSec", "dateUpdated": "2026-03-19T11:08:04.341Z"}, "references": [{"tags": ["issue-tracking"], "url": "https://rt.cpan.org/Ticket/Display.html?id=19860"}, {"tags": ["issue-tracking"], "url": "https://github.com/cpan-authors/XML-Parser/issues/39"}, {"tags": ["patch"], "url": "https://github.com/cpan-authors/XML-Parser/commit/3eb9cc95420fa0c3f76947c4708962546bf27cfd.patch"}], "solutions": [{"lang": "en", "value": "Apply the patch that has been publicly available since 2006-06-13 or upgrade to version 2.48 or later when it is released."}], "source": {"discovery": "UNKNOWN"}, "timeline": [{"lang": "en", "time": "2006-06-13T00:00:00.000Z", "value": "Issue logged and patch provided in Request Tracker for XML::Parser"}, {"lang": "en", "time": "2019-09-23T00:00:00.000Z", "value": "Issue migrated to github issue tracker"}, {"lang": "en", "time": "2019-09-24T00:00:00.000Z", "value": "Patch provided in github issue tracker"}, {"lang": "en", "time": "2026-03-16T00:00:00.000Z", "value": "PR created and commit merged to git repo"}], "title": "XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack", "workarounds": [{"lang": "en", "value": "Apply the patch that has been publicly available since 2006-06-13."}], "x_generator": {"engine": "cpansec-cna-tool 0.1"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-19T17:08:41.621885Z", "id": "CVE-2006-10003", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-19T17:09:59.672Z"}}, {"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/03/19/2"}, {"url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00002.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-04T08:11:42.558Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/03/19/2"}, {"url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00002.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-04-04T08:11:42.558Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2006-10003", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-19T17:08:41.621885Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-19T17:09:53.422Z"}}], "cna": {"title": "XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack", "source": {"discovery": "UNKNOWN"}, "affected": [{"repo": "http://github.com/toddr/XML-Parser", "vendor": "TODDR", "product": "XML::Parser", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.47"}], "packageName": "XML-Parser", "programFiles": ["Expat.xs"], "collectionURL": "https://cpan.org/modules", "defaultStatus": "unaffected", "programRoutines": [{"name": "startElement"}]}], "timeline": [{"lang": "en", "time": "2006-06-13T00:00:00.000Z", "value": "Issue logged and patch provided in Request Tracker for XML::Parser"}, {"lang": "en", "time": "2019-09-23T00:00:00.000Z", "value": "Issue migrated to github issue tracker"}, {"lang": "en", "time": "2019-09-24T00:00:00.000Z", "value": "Patch provided in github issue tracker"}, {"lang": "en", "time": "2026-03-16T00:00:00.000Z", "value": "PR created and commit merged to git repo"}], "solutions": [{"lang": "en", "value": "Apply the patch that has been publicly available since 2006-06-13 or upgrade to version 2.48 or later when it is released."}], "references": [{"url": "https://rt.cpan.org/Ticket/Display.html?id=19860", "tags": ["issue-tracking"]}, {"url": "https://github.com/cpan-authors/XML-Parser/issues/39", "tags": ["issue-tracking"]}, {"url": "https://github.com/cpan-authors/XML-Parser/commit/3eb9cc95420fa0c3f76947c4708962546bf27cfd.patch", "tags": ["patch"]}], "workarounds": [{"lang": "en", "value": "Apply the patch that has been publicly available since 2006-06-13."}], "x_generator": {"engine": "cpansec-cna-tool 0.1"}, "descriptions": [{"lang": "en", "value": "XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack.\n\nIn the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer.\n\nThe bug can be observed when parsing an XML file with very deep element nesting"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-193", "description": "CWE-193 Off-by-one Error"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-122", "description": "CWE-122 Heap-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "shortName": "CPANSec", "dateUpdated": "2026-03-19T11:08:04.341Z"}}}, "cveMetadata": {"cveId": "CVE-2006-10003", "state": "PUBLISHED", "dateUpdated": "2026-04-04T08:11:42.558Z", "dateReserved": "2026-03-16T22:52:39.890Z", "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "datePublished": "2026-03-19T11:08:04.341Z", "assignerShortName": "CPANSec"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:toddr:xml\\:\\:parser:*:*:*:*:*:perl:*:*", "matchCriteriaId": "11A15992-D3C4-4604-88DF-DF2E7872FEFD", "versionEndExcluding": "2.48", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack.\n\nIn the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer.\n\nThe bug can be observed when parsing an XML file with very deep element nesting"}, {"lang": "es", "value": "Las versiones de XML::Parser hasta la 2.47 para Perl tienen un desbordamiento de b\u00fafer de mont\u00f3n por un error de uno en st_serial_stack.\n\nEn el caso (stackptr == stacksize - 1), la pila NO se expandir\u00e1. Luego, el nuevo valor se escribir\u00e1 en la ubicaci\u00f3n (++stackptr), que es igual a stacksize y, por lo tanto, cae justo fuera del b\u00fafer asignado.\n\nEl error se puede observar al analizar un archivo XML con anidamiento de elementos muy profundo."}], "id": "CVE-2006-10003", "lastModified": "2026-04-04T09:16:18.710", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-19T12:16:17.047", "references": [{"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": ["Patch"], "url": "https://github.com/cpan-authors/XML-Parser/commit/3eb9cc95420fa0c3f76947c4708962546bf27cfd.patch"}, {"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": ["Issue Tracking"], "url": "https://github.com/cpan-authors/XML-Parser/issues/39"}, {"source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "tags": ["Mailing List"], "url": "https://rt.cpan.org/Ticket/Display.html?id=19860"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2026/03/19/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00002.html"}], "sourceIdentifier": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-122"}, {"lang": "en", "value": "CWE-193"}], "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e", "type": "Secondary"}]}

{"bugzilla": {"description": "perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files", "id": "2448999", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448999"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-193", "details": ["A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory corruption."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2006-10003", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "perl-XML-Parser", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "perl-XML-Parser", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "perl-XML-Parser", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "perl-XML-Parser", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "perl-XML-Parser", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-03-19T11:08:04Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2006-10003\nhttps://nvd.nist.gov/vuln/detail/CVE-2006-10003\nhttps://github.com/cpan-authors/XML-Parser/commit/3eb9cc95420fa0c3f76947c4708962546bf27cfd.patch\nhttps://github.com/cpan-authors/XML-Parser/issues/39\nhttps://rt.cpan.org/Ticket/Display.html?id=19860"], "threat_severity": "Important"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2.47]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "XML::Parser", "source": "cna", "vendor": "TODDR"}, "product": "xml::parser", "vendor": "toddr"}], "analysis": {"en": {"generated_at": "2026-03-19T19:20:54.737452+00:00", "value": {"mitigation_remediation": ["Apply the public patch that has been available since 2006\u201106\u201113", "Upgrade XML::Parser to version 2.48 or later when released"], "summary": {"action": "Apply Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "Affected products are provided by the vendor TODDR: XML::Parser for Perl. All versions prior to 2.48, including 2.47, are vulnerable. The issue affects the Perl module implementation of the XML::Parser library.", "description_and_impact": "The vulnerability is an off\u2011by\u2011one heap buffer overflow in the st_serial_stack routine of XML::Parser versions through 2.47 for Perl. When an XML document has very deep element nesting, the parser fails to expand the stack at the point where stackptr equals stacksize\u20111, causing a write to the location immediately beyond the allocated buffer. This memory corruption can allow a malicious attacker to overwrite critical data and achieve arbitrary code execution, as identified by CWE\u2011122 and CWE\u2011193.", "risk_and_exploitability": "The CVSS base score is 9.8, indicating a critical severity. The EPSS score is below 1%, suggesting a low current exploitation probability. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the likely attack vector is the parsing of a malicious XML file with deep nesting, which requires the attacker to supply such a file to the vulnerable parser. Given the high severity but low exploitation likelihood, immediate patching is recommended."}}}}, "created": "2026-03-20T08:56:56.029115+00:00", "updated": "2026-03-20T14:15:06.410570+00:00", "vendors": ["toddr", "toddr$PRODUCT$xml::parser"]}