Critical severity9.8NVD Advisory· Published Mar 19, 2026· Updated Apr 4, 2026
CVE-2006-10003
CVE-2006-10003
Description
XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack.
In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer.
The bug can be observed when parsing an XML file with very deep element nesting
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
21- Range: <=2.47
- osv-coords19 versionspkg:rpm/almalinux/perl-XML-Parserpkg:rpm/opensuse/perl-XML-Parser&distro=openSUSE%20Leap%2015.6pkg:rpm/opensuse/perl-XML-Parser&distro=openSUSE%20Leap%2016.0pkg:rpm/opensuse/perl-XML-Parser&distro=openSUSE%20Tumbleweedpkg:rpm/suse/perl-XML-Parser&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOSpkg:rpm/suse/perl-XML-Parser&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSSpkg:rpm/suse/perl-XML-Parser&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOSpkg:rpm/suse/perl-XML-Parser&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSSpkg:rpm/suse/perl-XML-Parser&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7pkg:rpm/suse/perl-XML-Parser&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/perl-XML-Parser&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSSpkg:rpm/suse/perl-XML-Parser&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSSpkg:rpm/suse/perl-XML-Parser&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSSpkg:rpm/suse/perl-XML-Parser&distro=SUSE%20Linux%20Enterprise%20Server%2016.0pkg:rpm/suse/perl-XML-Parser&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4pkg:rpm/suse/perl-XML-Parser&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5pkg:rpm/suse/perl-XML-Parser&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6pkg:rpm/suse/perl-XML-Parser&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0pkg:rpm/suse/perl-XML-Parser&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
< 2.46-9.1.el9_7+ 18 more
- (no CPE)range: < 2.46-9.1.el9_7
- (no CPE)range: < 2.44-150000.3.3.1
- (no CPE)range: < 2.470.0-160000.3.1
- (no CPE)range: < 2.570.0-1.1
- (no CPE)range: < 2.44-150000.3.3.1
- (no CPE)range: < 2.44-150000.3.3.1
- (no CPE)range: < 2.44-150000.3.3.1
- (no CPE)range: < 2.44-150000.3.3.1
- (no CPE)range: < 2.44-150000.3.3.1
- (no CPE)range: < 2.41-23.3.1
- (no CPE)range: < 2.44-150000.3.3.1
- (no CPE)range: < 2.44-150000.3.3.1
- (no CPE)range: < 2.44-150000.3.3.1
- (no CPE)range: < 2.470.0-160000.3.1
- (no CPE)range: < 2.44-150000.3.3.1
- (no CPE)range: < 2.44-150000.3.3.1
- (no CPE)range: < 2.44-150000.3.3.1
- (no CPE)range: < 2.470.0-160000.3.1
- (no CPE)range: < 2.41-23.3.1
Patches
Vulnerability mechanics
References
5- www.openwall.com/lists/oss-security/2026/03/19/2nvdMailing ListPatchThird Party Advisory
- github.com/cpan-authors/XML-Parser/commit/3eb9cc95420fa0c3f76947c4708962546bf27cfd.patchnvdPatch
- github.com/cpan-authors/XML-Parser/issues/39nvdIssue Tracking
- rt.cpan.org/Ticket/Display.htmlnvdMailing List
- lists.debian.org/debian-lts-announce/2026/04/msg00002.htmlnvd
News mentions
0No linked articles in our index yet.