CVE-2006-10002 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: March 19, 2026
XML::Parser - Buffer Overflow
Overview
XML::Parser for Perl <= 2.47 contains a buffer overflow caused by mismatched UTF-8 byte handling in parse_stream() in Expat.xs, letting attackers cause heap corruption and crashes, exploit requires crafted XML input.
Severity & Score
Impact
Attackers can cause heap corruption and crashes, leading to denial of service.
Mitigation
Update to the latest version beyond 2.47.
References
Social Media Activity(1 post)
Two 20-year-old vulnerabilities fixed in XML::Parser 2.48: - CVE-2006-10002: XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes https://www.openwall.com/lists/oss-security/2026/03/19/1 - CVE-2006-10003: XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack https://www.openwall.com/lists/oss-security/2026/03/19/2 The patch fixing these has been available since 2006 but it's nice to see the fix in actual release, too. #CVE_2006_10002 #CVE_2006_10003
View original postRelated Resources
Details
- CVE ID
- CVE-2006-10002
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- buffer_overflow
- Status
- unconfirmed
- EPSS
- 5.8%
- Social Posts
- 1
CWE
- CWE-122
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H