CVE-2006-10003
Heap Buffer Overflow in XML::Parser Perl Module via Deep XML Nesting
Publication date: 2026-03-19
Last updated on: 2026-04-04
Assigner: CPANSec
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| toddr | xml | to 2.48 (exc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-193 | A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value. |
| CWE-122 | A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc(). |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is an off-by-one heap buffer overflow in the XML::Parser Perl module, specifically in the management of the st_serial_stack buffer.
The issue occurs when the stack pointer (st_serial_stackptr) equals st_serial_stacksize - 1, that is, exactly one less than the stack size. In this case, the code fails to expand the stack buffer before incrementing the pointer and writing a new value.
As a result, the write operation happens just beyond the allocated buffer boundary, causing a heap buffer overflow.
This bug can be triggered by parsing XML files with very deep element nesting, which causes the stack to grow.
A fix involves changing the condition to check if the stack pointer plus one is greater than or equal to the stack size, ensuring the buffer is expanded before writing.
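The boundary case described above, modeled in C as an added example; this is not the XML::Parser source. Only the field names and the fixed condition come from this page: the pre-fix comparison (`ptr >= size`), the struct, `GROW_STEP`, the starting size and the function names are assumptions, and the model skips the out-of-bounds write and reports the nesting depth at which it would occur.

```c
#include <stdio.h>
#include <stdlib.h>
/* Model only: field names follow the page; the struct, GROW_STEP, the
   starting size and the function names are assumptions for illustration. */
#define GROW_STEP 4   /* constructed small step so the boundary is reached quickly */
typedef struct {
    unsigned int *st_serial_stack;
    unsigned int  st_serial_stacksize;  /* allocated slots */
    unsigned int  st_serial_stackptr;   /* index of the current top slot */
} serial_stack;

/* fixed=0: assumed pre-fix check (ptr >= size); fixed=1: check named on the
   page (ptr + 1 >= size). Returns 0 on success, -1 if the write index would
   fall outside the allocation (write skipped), -2 if realloc fails. */
static int push_serial(serial_stack *s, unsigned int serial, int fixed)
{
    unsigned int probe = s->st_serial_stackptr + (fixed ? 1u : 0u);
    if (probe >= s->st_serial_stacksize) {
        unsigned int newsize = s->st_serial_stacksize + GROW_STEP;
        unsigned int *p = realloc(s->st_serial_stack, newsize * sizeof *p);
        if (!p) return -2;
        s->st_serial_stack = p;
        s->st_serial_stacksize = newsize;
    }
    if (s->st_serial_stackptr + 1 >= s->st_serial_stacksize)
        return -1;   /* index == size: one slot past the end */
    s->st_serial_stack[++s->st_serial_stackptr] = serial;
    return 0;
}

/* Simulate `depth` nested start tags. Returns the depth at which the first
   out-of-bounds index is computed, or 0 if every push stayed in bounds. */
unsigned int first_oob_depth(unsigned int depth, int fixed)
{
    serial_stack s = { calloc(GROW_STEP, sizeof(unsigned int)), GROW_STEP, 0 };
    unsigned int d, hit = 0;
    int r = 0;
    for (d = 1; s.st_serial_stack && d <= depth && r == 0; d++)
        if ((r = push_serial(&s, d, fixed)) == -1) hit = d;
    free(s.st_serial_stack);
    return hit;
}

int main(void)
{
    printf("pre-fix check: first OOB at depth %u\n", first_oob_depth(1000, 0));
    printf("fixed check:   first OOB at depth %u\n", first_oob_depth(1000, 1));
    return 0;
}
```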
How can this vulnerability impact me?
This vulnerability can lead to a heap buffer overflow when parsing XML files with very deep nesting.
Heap buffer overflows can cause program crashes, data corruption, or potentially allow an attacker to execute arbitrary code.
If an attacker can supply maliciously crafted XML input, they might exploit this flaw to compromise the system running the vulnerable XML::Parser module.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by observing the behavior of the XML::Parser Perl module when parsing XML files with very deep element nesting, as the off-by-one heap buffer overflow occurs in this scenario.
One effective way to detect the issue is by using memory debugging tools such as Valgrind, which can identify out-of-bounds writes and heap buffer overflows during execution.
For example, you can run your Perl script that uses XML::Parser under Valgrind with a command like:
- valgrind --tool=memcheck perl your_script.pl
This will help detect invalid memory writes caused by the vulnerability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, you should update the XML::Parser Perl module to a version that includes the fix for the off-by-one heap buffer overflow.
The fix involves changing the condition that triggers buffer expansion to ensure the stack is grown before writing beyond its allocated size.
If updating is not immediately possible, avoid parsing XML files with very deep element nesting, as this triggers the vulnerability.
Additionally, applying the patch that modifies the buffer growth condition to check if (st_serial_stackptr + 1 >= st_serial_stacksize) will prevent the overflow.