CVE-2006-10003

Summary

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack.

In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer.

The bug can be observed when parsing an XML file with very deep element nesting

Affected Software

VendorProductVersion RangeStatus
TODDRXML::Parser0 <= 2.47affected

Weaknesses

  • CWE-193: CWE-193 Off-by-one Error
  • CWE-122: CWE-122 Heap-based Buffer Overflow

Workarounds

Apply the patch that has been publicly available since 2006-06-13.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: total

CVE Program Container

Additional References

perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files

Additional References

References