Unrated severityNVD Advisory· Published Mar 19, 2026· Updated Apr 29, 2026
XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes
CVE-2006-10002
Description
XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes.
A :utf8 PerlIO layer, parse_stream() in Expat.xs could overflow the XML input buffer because Perl's read() returns decoded characters while SvPV() gives back multi-byte UTF-8 bytes that can exceed the pre-allocated buffer size. This can cause heap corruption (double free or corruption) and crashes.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
21- Range: <=2.41
- osv-coords19 versionspkg:rpm/almalinux/perl-XML-Parserpkg:rpm/opensuse/perl-XML-Parser&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/perl-XML-Parser&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/perl-XML-Parser&distro=openSUSE%20Tumbleweedpkg:rpm/suse/perl-XML-Parser&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/perl-XML-Parser&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/perl-XML-Parser&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/perl-XML-Parser&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/perl-XML-Parser&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/perl-XML-Parser&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/perl-XML-Parser&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/perl-XML-Parser&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/perl-XML-Parser&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/perl-XML-Parser&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/perl-XML-Parser&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/perl-XML-Parser&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/perl-XML-Parser&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6pkg:rpm/suse/perl-XML-Parser&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/perl-XML-Parser&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
< 2.46-9.1.el9_7+ 18 more
- (no CPE)range: < 2.46-9.1.el9_7
- (no CPE)range: < 2.44-150000.3.3.1
- (no CPE)range: < 2.470.0-160000.3.1
- (no CPE)range: < 2.570.0-1.1
- (no CPE)range: < 2.44-150000.3.3.1
- (no CPE)range: < 2.44-150000.3.3.1
- (no CPE)range: < 2.44-150000.3.3.1
- (no CPE)range: < 2.44-150000.3.3.1
- (no CPE)range: < 2.44-150000.3.3.1
- (no CPE)range: < 2.41-23.3.1
- (no CPE)range: < 2.44-150000.3.3.1
- (no CPE)range: < 2.44-150000.3.3.1
- (no CPE)range: < 2.44-150000.3.3.1
- (no CPE)range: < 2.470.0-160000.3.1
- (no CPE)range: < 2.44-150000.3.3.1
- (no CPE)range: < 2.44-150000.3.3.1
- (no CPE)range: < 2.44-150000.3.3.1
- (no CPE)range: < 2.470.0-160000.3.1
- (no CPE)range: < 2.41-23.3.1
- TODDR/XML::Parserv5Range: 0
Patches
Vulnerability mechanics
References
4- github.com/cpan-authors/XML-Parser/commit/56b0509dfc6b559cd7555ea81ee62e3622069255.patchmitrepatch
- github.com/cpan-authors/XML-Parser/issues/64mitreissue-tracking
- metacpan.org/release/TODDR/XML-Parser-2.46/changesmitrerelease-notes
- rt.cpan.org/Ticket/Display.htmlmitreissue-tracking
News mentions
0No linked articles in our index yet.