CVE-2006-10003
Received Received - Intake
Heap Buffer Overflow in XML::Parser Perl Module via Deep XML Nesting

Publication date: 2026-03-19

Last updated on: 2026-04-04

Assigner: CPANSec

Description
XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer. The bug can be observed when parsing an XML file with very deep element nesting
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-19
Last Modified
2026-04-04
Generated
2026-06-16
AI Q&A
2026-03-19
EPSS Evaluated
2026-06-14
NVD
CVE-2006-10003
EUVD
EUVD-2006-7234
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
toddr xml to 2.48 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-193 A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.
CWE-122 A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is an off-by-one heap buffer overflow in the XML::Parser Perl module, specifically in the management of the st_serial_stack buffer.

The issue occurs when the stack pointer (st_serial_stackptr) is exactly one less than the stack size (st_serial_stacksize - 1). In this case, the code fails to expand the stack buffer before incrementing the pointer and writing a new value.

As a result, the write operation happens just beyond the allocated buffer boundary, causing a heap buffer overflow.

This bug can be triggered by parsing XML files with very deep element nesting, which causes the stack to grow.

A fix involves changing the condition to check if the stack pointer plus one is greater than or equal to the stack size, ensuring the buffer is expanded before writing.

Impact Analysis

This vulnerability can lead to a heap buffer overflow when parsing XML files with very deep nesting.

Heap buffer overflows can cause program crashes, data corruption, or potentially allow an attacker to execute arbitrary code.

If an attacker can supply maliciously crafted XML input, they might exploit this flaw to compromise the system running the vulnerable XML::Parser module.

Compliance Impact

I don't know

Detection Guidance

This vulnerability can be detected by observing the behavior of the XML::Parser Perl module when parsing XML files with very deep element nesting, as the off-by-one heap buffer overflow occurs in this scenario.

One effective way to detect the issue is by using memory debugging tools such as Valgrind, which can identify out-of-bounds writes and heap buffer overflows during execution.

For example, you can run your Perl script that uses XML::Parser under Valgrind with a command like:

  • valgrind --tool=memcheck perl your_script.pl

This will help detect invalid memory writes caused by the vulnerability.

Mitigation Strategies

To mitigate this vulnerability, you should update the XML::Parser Perl module to a version that includes the fix for the off-by-one heap buffer overflow.

The fix involves changing the condition that triggers buffer expansion to ensure the stack is grown before writing beyond its allocated size.

If updating is not immediately possible, avoid parsing XML files with very deep element nesting, as this triggers the vulnerability.

Additionally, applying the patch that modifies the buffer growth condition to check if (st_serial_stackptr + 1 >= st_serial_stacksize) will prevent the overflow.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2006-10003. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart