CVE-2006-10003 PUBLISHED

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack.

In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer.

The bug can be observed when parsing an XML file with very deep element nesting

Apply the patch that has been publicly available since 2006-06-13.

Apply the patch that has been publicly available since 2006-06-13 or upgrade to version 2.48 or later when it is released.

• https://rt.cpan.org/Ticket/Display.html?id=19860
• https://github.com/cpan-authors/XML-Parser/issues/39
• https://github.com/cpan-authors/XML-Parser/commit/3eb9cc95420fa0c3f76947c4708962546bf27cfd.patch

• CWE-193 Off-by-one Error CWE
• CWE-122 Heap-based Buffer Overflow CWE