
Description

XML::Parser versions through 2.45 for Perl can overflow a pre-allocated buffer and cause heap corruption (double free or corruption) and crashes. When the input filehandle carries a :utf8 PerlIO layer, parse_stream() in Expat.xs sizes its read by the count Perl's read() returns, which is a number of decoded characters, but then hands expat the multi-byte UTF-8 bytes obtained from SvPV(). The byte length can exceed the character count and therefore the pre-allocated buffer size, overrunning the XML input buffer.
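The character-versus-byte mismatch described above, shown from pure Perl as an added illustration (this is not XML::Parser's code and does not reproduce the XS overflow itself). The document, the 1024-unit buffer size standing in for the pre-allocated buffer in Expat.xs, and the read_and_measure helper are all constructed for the example:

```perl
#!/usr/bin/env perl
# Added example for CVE-2006-10002, not code from XML::Parser.
# Shows why a :utf8 layer breaks the assumption "read() count == bytes".
use strict;
use warnings;
use Encode qw(encode_utf8);

# Assumed stand-in for the pre-allocated buffer size in the XS code.
my $BUFSIZE = 1024;

# Constructed document: each U+20AC is one character but three UTF-8 bytes.
my $doc   = "<a>" . ("\x{20AC}" x 2000) . "</a>";
my $bytes = encode_utf8($doc);   # the on-disk/on-wire form, a byte string

# Read up to $BUFSIZE units from an in-memory handle opened with the given
# PerlIO layer and return (count read() reported, octets the buffer holds).
# The octet count is what SvPV() would hand to expat.
sub read_and_measure {
    my ($layer) = @_;
    open my $fh, "<$layer", \$bytes or die "open: $!";
    my $buf;
    my $n = read($fh, $buf, $BUFSIZE);
    defined $n or die "read: $!";
    my $octets = do { use bytes; length $buf };
    close $fh;
    return ($n, $octets);
}

for my $layer (':utf8', ':raw') {
    my ($n, $octets) = read_and_measure($layer);
    printf "%-5s layer: read() returned %4d, buffer holds %4d bytes -> %s\n",
        $layer, $n, $octets,
        $octets > $BUFSIZE ? "exceeds the $BUFSIZE-byte buffer" : "fits";
}
```

With the :utf8 layer read() reports 1024 (characters) while the buffer holds 3 + 1021 * 3 = 3066 bytes; with :raw both numbers are 1024. Any C code that allocates by the first number and copies the second overruns the heap, which is the defect fixed in 2.46. Until upgraded, passing the parser a byte string or a handle without a :utf8 layer avoids the mismatch; that mitigation follows from the mechanism described here and is not something the advisory states.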

PUBLISHED Reserved 2026-03-16 | Published 2026-03-19 | Updated 2026-04-29 | Assigner CPANSec

Problem types

CWE-122 Heap-based Buffer Overflow

CWE-176 Improper Handling of Unicode Encoding

Product status

Default status
unaffected

Any version
affected

Timeline

2006-06-13: Issue logged in Request Tracker for XML::Parser
2006-08-11: Patch provided in Request Tracker for XML::Parser
2019-09-24: Issue migrated to GitHub issue tracker
2019-09-24: Patch provided in GitHub issue tracker
2019-09-24: Included in release 2.46, released to CPAN

References

www.openwall.com/lists/oss-security/2026/03/19/1

www.openwall.com/lists/oss-security/2026/03/22/3

rt.cpan.org/Ticket/Display.html?id=19859 issue-tracking

github.com/cpan-authors/XML-Parser/issues/64 issue-tracking

metacpan.org/release/TODDR/XML-Parser-2.46/changes release-notes

github.com/...56b0509dfc6b559cd7555ea81ee62e3622069255.patch patch

cve.org (CVE-2006-10002)

nvd.nist.gov (CVE-2006-10002)
