Home / Vulnerability Intelligence / CVE-2006-10003

CVE-2006-10003 - Vulnerability Analysis

CriticalCVSS: 9.8

Last Updated: March 19, 2026

XML::Parser Perl - Buffer Overflow

Published: March 19, 2026Updated: March 19, 2026Remote Exploitable

Overview

XML::Parser for Perl <= 2.47 contains an off-by-one heap buffer overflow caused by improper stack pointer handling in st_serial_stack, letting attackers cause memory corruption when parsing deeply nested XML files, exploit requires crafted XML input.

Severity & Score

Severity: Critical

CVSS Score: 9.8

Impact

Attackers can cause memory corruption leading to potential denial of service or code execution.

Mitigation

Update to a version later than 2.47 or the latest available version.

References

https://github.com/cpan-authors/XML-Parser/commit/3eb9cc95420fa0c3f76947c4708962546bf27cfd.patch
https://github.com/cpan-authors/XML-Parser/issues/39
https://rt.cpan.org/Ticket/Display.html?id=19860
http://www.openwall.com/lists/oss-security/2026/03/19/2

Related Resources

Vulnerability Intelligence Dashboard
Credential Scanner

Details

CVE ID: CVE-2006-10003
Severity: Critical
CVSS Score: 9.8
Type: buffer_overflow
Status: confirmed

CWE

CWE-122

CVSS Metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H