Vulnerability-Lookup

CVE-2006-10003 (GCVE-0-2006-10003)

Vulnerability from cvelistv5 – Published: 2026-03-19 11:08 – Updated: 2026-06-30 03:21

Title

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack

Summary

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack. In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer. The bug can be observed when parsing an XML file with very deep element nesting

Severity

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: yes Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-193 - Off-by-one Error
CWE-122 - Heap-based Buffer Overflow

Assigner

CPANSec

References

21 references

URL	Tags
https://rt.cpan.org/Ticket/Display.html?id=19860	issue-tracking
https://github.com/cpan-authors/XML-Parser/issues/39	issue-tracking
https://github.com/cpan-authors/XML-Parser/commit…	patch
http://www.openwall.com/lists/oss-security/2026/03/19/2
https://lists.debian.org/debian-lts-announce/2026…
https://access.redhat.com/security/cve/CVE-2006-10003	vdb-entryx_refsource_REDHAT
https://bugzilla.redhat.com/show_bug.cgi?id=2448999	issue-trackingx_refsource_REDHAT
https://security.access.redhat.com/data/csaf/v2/v…	x_sadp-csaf-vex
https://access.redhat.com/errata/RHSA-2026:8578	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:9110	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7680	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7681	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8609	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8608	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8610	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:8577	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:9246	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:9258	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:9259	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:9605	vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2026:7679	vendor-advisoryx_refsource_REDHAT

Impacted products

19 products

Vendor	Product	Version
TODDR	XML::Parser	Affected: 0 , ≤ 2.47 (custom)
Red Hat	Red Hat Enterprise Linux Server (v. 7 ELS)	cpe:/o:redhat:rhel_els:7
Red Hat	Red Hat Enterprise Linux AppStream EUS (v. 10.0)	cpe:/o:redhat:enterprise_linux_eus:10.0
Red Hat	Red Hat Enterprise Linux AppStream (v. 10)	cpe:/o:redhat:enterprise_linux:10.1
Red Hat	Red Hat Enterprise Linux AppStream (v. 8)	cpe:/a:redhat:enterprise_linux:8::appstream
Red Hat	Red Hat Enterprise Linux AppStream AUS (v. 8.2)	cpe:/a:redhat:rhel_aus:8.2::appstream
Red Hat	Red Hat Enterprise Linux AppStream AUS (v.8.4)	cpe:/a:redhat:rhel_aus:8.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)	cpe:/a:redhat:rhel_eus_long_life:8.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream AUS (v.8.6)	cpe:/a:redhat:rhel_aus:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.8.6)	cpe:/a:redhat:rhel_e4s:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream TUS (v.8.6)	cpe:/a:redhat:rhel_tus:8.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.8.8)	cpe:/a:redhat:rhel_e4s:8.8::appstream
Red Hat	Red Hat Enterprise Linux AppStream TUS (v.8.8)	cpe:/a:redhat:rhel_tus:8.8::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.9.0)	cpe:/a:redhat:rhel_e4s:9.0::appstream
Red Hat	Red Hat Enterprise Linux AppStream E4S (v.9.2)	cpe:/a:redhat:rhel_e4s:9.2::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS (v.9.4)	cpe:/a:redhat:rhel_eus:9.4::appstream
Red Hat	Red Hat Enterprise Linux AppStream EUS (v.9.6)	cpe:/a:redhat:rhel_eus:9.6::appstream
Red Hat	Red Hat Enterprise Linux AppStream (v. 9)	cpe:/a:redhat:enterprise_linux:9::appstream
Red Hat	Red Hat Enterprise Linux 6	cpe:/o:redhat:enterprise_linux:6

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2006-10003",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-03-19T17:08:41.621885Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-03-19T17:09:59.672Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-04-04T08:11:42.558Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/03/19/2"
          },
          {
            "url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00002.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "affected": [
          {
            "cpes": [
              "cpe:/o:redhat:rhel_els:7"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux_eus:10.0"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:10.1"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 10)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_aus:8.2::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_aus:8.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_aus:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_tus:8.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:8.8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_tus:8.8::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.0::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_e4s:9.2::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.4::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:rhel_eus:9.6::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/a:redhat:enterprise_linux:9::appstream"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux AppStream (v. 9)",
            "vendor": "Red Hat"
          },
          {
            "cpes": [
              "cpe:/o:redhat:enterprise_linux:6"
            ],
            "defaultStatus": "affected",
            "product": "Red Hat Enterprise Linux 6",
            "vendor": "Red Hat"
          }
        ],
        "datePublic": "2026-03-19T11:08:04.341Z",
        "descriptions": [
          {
            "lang": "en",
            "value": "A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory corruption."
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "namespace": "https://access.redhat.com/security/updates/classification/",
                "value": "Important"
              },
              "type": "Red Hat severity rating"
            }
          },
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            },
            "format": "CVSS"
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-193",
                "description": "Off-by-one Error",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-30T03:21:11.236Z",
          "orgId": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
          "shortName": "redhat-SADP"
        },
        "references": [
          {
            "tags": [
              "vdb-entry",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/security/cve/CVE-2006-10003"
          },
          {
            "name": "RHBZ#2448999",
            "tags": [
              "issue-tracking",
              "x_refsource_REDHAT"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448999"
          },
          {
            "tags": [
              "x_sadp-csaf-vex"
            ],
            "url": "https://security.access.redhat.com/data/csaf/v2/vex/2006/cve-2006-10003.json"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:8578"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:9110"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:7680"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:7681"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:8609"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:8608"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:8610"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:8577"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:9246"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:9258"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:9259"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:9605"
          },
          {
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2026:7679"
          }
        ],
        "solutions": [
          {
            "lang": "en",
            "value": "RHSA-2026:8578: Red Hat Enterprise Linux Server (v. 7 ELS)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:9110: Red Hat Enterprise Linux AppStream EUS (v. 10.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:7680: Red Hat Enterprise Linux AppStream (v. 10)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:7681: Red Hat Enterprise Linux AppStream (v. 8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:8609: Red Hat Enterprise Linux AppStream AUS (v. 8.2)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:8608: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:8610: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:8577: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:9246: Red Hat Enterprise Linux AppStream E4S (v.9.0)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:9258: Red Hat Enterprise Linux AppStream E4S (v.9.2)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:9259: Red Hat Enterprise Linux AppStream EUS (v.9.4)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:9605: Red Hat Enterprise Linux AppStream EUS (v.9.6)"
          },
          {
            "lang": "en",
            "value": "RHSA-2026:7679: Red Hat Enterprise Linux AppStream (v. 9)"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2026-03-19T12:01:39.997Z",
            "value": "Reported to Red Hat."
          },
          {
            "lang": "en",
            "time": "2026-03-19T11:08:04.341Z",
            "value": "Made public."
          }
        ],
        "title": "perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files",
        "workarounds": [
          {
            "lang": "en",
            "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
          }
        ],
        "x_adpType": "supplier",
        "x_generator": {
          "engine": "sadp-cli 1.0.0"
        }
      }
    ],
    "cna": {
      "affected": [
        {
          "collectionURL": "https://cpan.org/modules",
          "defaultStatus": "unaffected",
          "packageName": "XML-Parser",
          "product": "XML::Parser",
          "programFiles": [
            "Expat.xs"
          ],
          "programRoutines": [
            {
              "name": "startElement"
            }
          ],
          "repo": "http://github.com/toddr/XML-Parser",
          "vendor": "TODDR",
          "versions": [
            {
              "lessThanOrEqual": "2.47",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack.\n\nIn the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer.\n\nThe bug can be observed when parsing an XML file with very deep element nesting"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-193",
              "description": "CWE-193 Off-by-one Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-03-19T11:08:04.341Z",
        "orgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
        "shortName": "CPANSec"
      },
      "references": [
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://rt.cpan.org/Ticket/Display.html?id=19860"
        },
        {
          "tags": [
            "issue-tracking"
          ],
          "url": "https://github.com/cpan-authors/XML-Parser/issues/39"
        },
        {
          "tags": [
            "patch"
          ],
          "url": "https://github.com/cpan-authors/XML-Parser/commit/3eb9cc95420fa0c3f76947c4708962546bf27cfd.patch"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Apply the patch that has been publicly available since 2006-06-13 or upgrade to version 2.48 or later when it is released."
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2006-06-13T00:00:00.000Z",
          "value": "Issue logged and patch provided in Request Tracker for XML::Parser"
        },
        {
          "lang": "en",
          "time": "2019-09-23T00:00:00.000Z",
          "value": "Issue migrated to github issue tracker"
        },
        {
          "lang": "en",
          "time": "2019-09-24T00:00:00.000Z",
          "value": "Patch provided in github issue tracker"
        },
        {
          "lang": "en",
          "time": "2026-03-16T00:00:00.000Z",
          "value": "PR created and commit merged to git repo"
        }
      ],
      "title": "XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack",
      "workarounds": [
        {
          "lang": "en",
          "value": "Apply the patch that has been publicly available since 2006-06-13."
        }
      ],
      "x_generator": {
        "engine": "cpansec-cna-tool 0.1"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
    "assignerShortName": "CPANSec",
    "cveId": "CVE-2006-10003",
    "datePublished": "2026-03-19T11:08:04.341Z",
    "dateReserved": "2026-03-16T22:52:39.890Z",
    "dateUpdated": "2026-06-30T03:21:11.236Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2006-10003",
      "date": "2026-06-29",
      "epss": "0.00512",
      "percentile": "0.39728"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-10003\",\"sourceIdentifier\":\"9b29abf9-4ab0-4765-b253-1875cd9b441e\",\"published\":\"2026-03-19T12:16:17.047\",\"lastModified\":\"2026-06-30T03:16:38.650\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack.\\n\\nIn the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer.\\n\\nThe bug can be observed when parsing an XML file with very deep element nesting\"},{\"lang\":\"es\",\"value\":\"Las versiones de XML::Parser hasta la 2.47 para Perl tienen un desbordamiento de b\u00fafer de mont\u00f3n por un error de uno en st_serial_stack.\\n\\nEn el caso (stackptr == stacksize - 1), la pila NO se expandir\u00e1. Luego, el nuevo valor se escribir\u00e1 en la ubicaci\u00f3n (++stackptr), que es igual a stacksize y, por lo tanto, cae justo fuera del b\u00fafer asignado.\\n\\nEl error se puede observar al analizar un archivo XML con anidamiento de elementos muy profundo.\"}],\"affected\":[{\"source\":\"9b29abf9-4ab0-4765-b253-1875cd9b441e\",\"affectedData\":[{\"vendor\":\"TODDR\",\"product\":\"XML::Parser\",\"defaultStatus\":\"unaffected\",\"collectionURL\":\"https://cpan.org/modules\",\"packageName\":\"XML-Parser\",\"programFiles\":[\"Expat.xs\"],\"programRoutines\":[{\"name\":\"startElement\"}],\"repo\":\"http://github.com/toddr/XML-Parser\",\"versions\":[{\"version\":\"0\",\"lessThanOrEqual\":\"2.47\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"affectedData\":[{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux Server (v. 7 ELS)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:rhel_els:7\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v. 10.0)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux_eus:10.0\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 10)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:10.1\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:8::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream AUS (v. 8.2)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_aus:8.2::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream AUS (v.8.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_aus:8.4::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream AUS (v.8.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_aus:8.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream E4S (v.8.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:8.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream TUS (v.8.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_tus:8.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream E4S (v.8.8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:8.8::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream TUS (v.8.8)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_tus:8.8::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream E4S (v.9.0)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:9.0::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream E4S (v.9.2)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_e4s:9.2::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v.9.4)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.4::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream EUS (v.9.6)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:rhel_eus:9.6::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux AppStream (v. 9)\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/a:redhat:enterprise_linux:9::appstream\"]},{\"vendor\":\"Red Hat\",\"product\":\"Red Hat Enterprise Linux 6\",\"defaultStatus\":\"affected\",\"cpes\":[\"cpe:/o:redhat:enterprise_linux:6\"]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-03-19T17:08:41.621885Z\",\"id\":\"CVE-2006-10003\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"yes\"},{\"technicalImpact\":\"total\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"9b29abf9-4ab0-4765-b253-1875cd9b441e\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"},{\"lang\":\"en\",\"value\":\"CWE-193\"}]},{\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-193\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:toddr:xml\\\\:\\\\:parser:*:*:*:*:*:perl:*:*\",\"versionEndExcluding\":\"2.48\",\"matchCriteriaId\":\"11A15992-D3C4-4604-88DF-DF2E7872FEFD\"}]}]}],\"references\":[{\"url\":\"https://github.com/cpan-authors/XML-Parser/commit/3eb9cc95420fa0c3f76947c4708962546bf27cfd.patch\",\"source\":\"9b29abf9-4ab0-4765-b253-1875cd9b441e\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/cpan-authors/XML-Parser/issues/39\",\"source\":\"9b29abf9-4ab0-4765-b253-1875cd9b441e\",\"tags\":[\"Issue Tracking\"]},{\"url\":\"https://rt.cpan.org/Ticket/Display.html?id=19860\",\"source\":\"9b29abf9-4ab0-4765-b253-1875cd9b441e\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2026/03/19/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2026/04/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7679\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7680\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:7681\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8577\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8578\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8608\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8609\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:8610\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:9110\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:9246\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:9258\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:9259\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2026:9605\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://access.redhat.com/security/cve/CVE-2006-10003\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2448999\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"},{\"url\":\"https://security.access.redhat.com/data/csaf/v2/vex/2006/cve-2006-10003.json\",\"source\":\"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"http://www.openwall.com/lists/oss-security/2026/03/19/2\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2026/04/msg00002.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2026-04-04T08:11:42.558Z\"}}, {\"title\": \"perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files\", \"metrics\": [{\"other\": {\"type\": \"Red Hat severity rating\", \"content\": {\"value\": \"Important\", \"namespace\": \"https://access.redhat.com/security/updates/classification/\"}}}, {\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 8.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"cpes\": [\"cpe:/o:redhat:rhel_els:7\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux Server (v. 7 ELS)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux_eus:10.0\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream EUS (v. 10.0)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:10.1\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 10)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 8)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.2::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream AUS (v. 8.2)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.4::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream AUS (v.8.4)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus_long_life:8.4::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_aus:8.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream AUS (v.8.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:8.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream E4S (v.8.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_tus:8.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream TUS (v.8.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:8.8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream E4S (v.8.8)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_tus:8.8::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream TUS (v.8.8)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:9.0::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream E4S (v.9.0)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_e4s:9.2::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream E4S (v.9.2)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.4::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream EUS (v.9.4)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:rhel_eus:9.6::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream EUS (v.9.6)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/a:redhat:enterprise_linux:9::appstream\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux AppStream (v. 9)\", \"defaultStatus\": \"affected\"}, {\"cpes\": [\"cpe:/o:redhat:enterprise_linux:6\"], \"vendor\": \"Red Hat\", \"product\": \"Red Hat Enterprise Linux 6\", \"defaultStatus\": \"affected\"}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2026-03-19T12:01:39.997Z\", \"value\": \"Reported to Red Hat.\"}, {\"lang\": \"en\", \"time\": \"2026-03-19T11:08:04.341Z\", \"value\": \"Made public.\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"RHSA-2026:8578: Red Hat Enterprise Linux Server (v. 7 ELS)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:9110: Red Hat Enterprise Linux AppStream EUS (v. 10.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7680: Red Hat Enterprise Linux AppStream (v. 10)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7681: Red Hat Enterprise Linux AppStream (v. 8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:8609: Red Hat Enterprise Linux AppStream AUS (v. 8.2)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:8608: Red Hat Enterprise Linux AppStream AUS (v.8.4), Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:8610: Red Hat Enterprise Linux AppStream AUS (v.8.6), Red Hat Enterprise Linux AppStream E4S (v.8.6), Red Hat Enterprise Linux AppStream TUS (v.8.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:8577: Red Hat Enterprise Linux AppStream E4S (v.8.8), Red Hat Enterprise Linux AppStream TUS (v.8.8)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:9246: Red Hat Enterprise Linux AppStream E4S (v.9.0)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:9258: Red Hat Enterprise Linux AppStream E4S (v.9.2)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:9259: Red Hat Enterprise Linux AppStream EUS (v.9.4)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:9605: Red Hat Enterprise Linux AppStream EUS (v.9.6)\"}, {\"lang\": \"en\", \"value\": \"RHSA-2026:7679: Red Hat Enterprise Linux AppStream (v. 9)\"}], \"x_adpType\": \"supplier\", \"datePublic\": \"2026-03-19T11:08:04.341Z\", \"references\": [{\"url\": \"https://access.redhat.com/security/cve/CVE-2006-10003\", \"tags\": [\"vdb-entry\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2448999\", \"name\": \"RHBZ#2448999\", \"tags\": [\"issue-tracking\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://security.access.redhat.com/data/csaf/v2/vex/2006/cve-2006-10003.json\", \"tags\": [\"x_sadp-csaf-vex\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:8578\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:9110\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7680\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7681\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:8609\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:8608\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:8610\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:8577\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:9246\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:9258\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:9259\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:9605\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2026:7679\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.\"}], \"x_generator\": {\"engine\": \"sadp-cli 1.0.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory corruption.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-193\", \"description\": \"Off-by-one Error\"}]}], \"providerMetadata\": {\"orgId\": \"0b0ca135-0b70-47e7-9f44-1890c2a1c46c\", \"shortName\": \"redhat-SADP\", \"dateUpdated\": \"2026-06-30T03:21:11.236Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2006-10003\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-03-19T17:08:41.621885Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-03-19T17:09:53.422Z\"}}], \"cna\": {\"title\": \"XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"affected\": [{\"repo\": \"http://github.com/toddr/XML-Parser\", \"vendor\": \"TODDR\", \"product\": \"XML::Parser\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"2.47\"}], \"packageName\": \"XML-Parser\", \"programFiles\": [\"Expat.xs\"], \"collectionURL\": \"https://cpan.org/modules\", \"defaultStatus\": \"unaffected\", \"programRoutines\": [{\"name\": \"startElement\"}]}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2006-06-13T00:00:00.000Z\", \"value\": \"Issue logged and patch provided in Request Tracker for XML::Parser\"}, {\"lang\": \"en\", \"time\": \"2019-09-23T00:00:00.000Z\", \"value\": \"Issue migrated to github issue tracker\"}, {\"lang\": \"en\", \"time\": \"2019-09-24T00:00:00.000Z\", \"value\": \"Patch provided in github issue tracker\"}, {\"lang\": \"en\", \"time\": \"2026-03-16T00:00:00.000Z\", \"value\": \"PR created and commit merged to git repo\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"Apply the patch that has been publicly available since 2006-06-13 or upgrade to version 2.48 or later when it is released.\"}], \"references\": [{\"url\": \"https://rt.cpan.org/Ticket/Display.html?id=19860\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://github.com/cpan-authors/XML-Parser/issues/39\", \"tags\": [\"issue-tracking\"]}, {\"url\": \"https://github.com/cpan-authors/XML-Parser/commit/3eb9cc95420fa0c3f76947c4708962546bf27cfd.patch\", \"tags\": [\"patch\"]}], \"workarounds\": [{\"lang\": \"en\", \"value\": \"Apply the patch that has been publicly available since 2006-06-13.\"}], \"x_generator\": {\"engine\": \"cpansec-cna-tool 0.1\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack.\\n\\nIn the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer.\\n\\nThe bug can be observed when parsing an XML file with very deep element nesting\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-193\", \"description\": \"CWE-193 Off-by-one Error\"}]}, {\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-122\", \"description\": \"CWE-122 Heap-based Buffer Overflow\"}]}], \"providerMetadata\": {\"orgId\": \"9b29abf9-4ab0-4765-b253-1875cd9b441e\", \"shortName\": \"CPANSec\", \"dateUpdated\": \"2026-03-19T11:08:04.341Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2006-10003\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-06-30T03:21:11.236Z\", \"dateReserved\": \"2026-03-16T22:52:39.890Z\", \"assignerOrgId\": \"9b29abf9-4ab0-4765-b253-1875cd9b441e\", \"datePublished\": \"2026-03-19T11:08:04.341Z\", \"assignerShortName\": \"CPANSec\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }
  }
}

alsa-2026:7679

Vulnerability from osv_almalinux

Published

2026-04-13 00:00

Modified

2026-04-15 08:00

Summary

Important: perl-XML-Parser security update

Details

This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark's expat library. Each call to one of the parsing methods creates a new instance of XML::Parser::Expat which is then used to parse the document. Expat options may be provided when the XML::Parser object is created. These options are then passed on to the Expat object on each parse call. They can also be given as extra arguments to the parse methods, in which case they override options given at XML::Parser creation time.

Security Fix(es):

perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files (CVE-2006-10003)
perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input (CVE-2006-10002)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2026:7679	ADVISORY
	https://access.redhat.com/security/cve/CVE-2006-10002	REPORT
	https://access.redhat.com/security/cve/CVE-2006-10003	REPORT
	https://bugzilla.redhat.com/2448999	REPORT
	https://bugzilla.redhat.com/2449001	REPORT
	https://errata.almalinux.org/9/ALSA-2026-7679.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:9",
        "name": "perl-XML-Parser"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.46-9.1.el9_7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark\u0027s expat library. Each call to one of the parsing methods creates a new instance of XML::Parser::Expat which is then used to parse the document. Expat options may be provided when the XML::Parser object is created. These options are then passed on to the Expat object on each parse call. They can also be given as extra arguments to the parse methods, in which case they override options given at XML::Parser creation time.  \n\nSecurity Fix(es):  \n\n  * perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files (CVE-2006-10003)\n  * perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input (CVE-2006-10002)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2026:7679",
  "modified": "2026-04-15T08:00:20Z",
  "published": "2026-04-13T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:7679"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2006-10002"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2006-10003"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448999"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2449001"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/9/ALSA-2026-7679.html"
    }
  ],
  "related": [
    "CVE-2006-10003",
    "CVE-2006-10002"
  ],
  "summary": "Important: perl-XML-Parser security update"
}

alsa-2026:7680

Vulnerability from osv_almalinux

Published

2026-04-13 00:00

Modified

2026-04-15 07:45

Summary

Important: perl-XML-Parser security update

Details

Security Fix(es):

perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files (CVE-2006-10003)
perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input (CVE-2006-10002)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2026:7680	ADVISORY
	https://access.redhat.com/security/cve/CVE-2006-10002	REPORT
	https://access.redhat.com/security/cve/CVE-2006-10003	REPORT
	https://bugzilla.redhat.com/2448999	REPORT
	https://bugzilla.redhat.com/2449001	REPORT
	https://errata.almalinux.org/10/ALSA-2026-7680.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:10",
        "name": "perl-XML-Parser"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.47-6.1.el10_1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark\u0027s expat library. Each call to one of the parsing methods creates a new instance of XML::Parser::Expat which is then used to parse the document. Expat options may be provided when the XML::Parser object is created. These options are then passed on to the Expat object on each parse call. They can also be given as extra arguments to the parse methods, in which case they override options given at XML::Parser creation time.  \n\nSecurity Fix(es):  \n\n  * perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files (CVE-2006-10003)\n  * perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input (CVE-2006-10002)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2026:7680",
  "modified": "2026-04-15T07:45:45Z",
  "published": "2026-04-13T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:7680"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2006-10002"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2006-10003"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448999"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2449001"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/10/ALSA-2026-7680.html"
    }
  ],
  "related": [
    "CVE-2006-10003",
    "CVE-2006-10002"
  ],
  "summary": "Important: perl-XML-Parser security update"
}

alsa-2026:7681

Vulnerability from osv_almalinux

Published

2026-04-13 00:00

Modified

2026-04-14 07:40

Summary

Important: perl-XML-Parser security update

Details

Security Fix(es):

perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files (CVE-2006-10003)
perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input (CVE-2006-10002)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References

URL

Type

	https://access.redhat.com/errata/RHSA-2026:7681	ADVISORY
	https://access.redhat.com/security/cve/CVE-2006-10002	REPORT
	https://access.redhat.com/security/cve/CVE-2006-10003	REPORT
	https://bugzilla.redhat.com/2448999	REPORT
	https://bugzilla.redhat.com/2449001	REPORT
	https://errata.almalinux.org/8/ALSA-2026-7681.html	ADVISORY

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "AlmaLinux:8",
        "name": "perl-XML-Parser"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.44-12.el8_10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "details": "This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark\u0027s expat library. Each call to one of the parsing methods creates a new instance of XML::Parser::Expat which is then used to parse the document. Expat options may be provided when the XML::Parser object is created. These options are then passed on to the Expat object on each parse call. They can also be given as extra arguments to the parse methods, in which case they override options given at XML::Parser creation time.  \n\nSecurity Fix(es):  \n\n  * perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files (CVE-2006-10003)\n  * perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input (CVE-2006-10002)\n\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n",
  "id": "ALSA-2026:7681",
  "modified": "2026-04-14T07:40:45Z",
  "published": "2026-04-13T00:00:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://access.redhat.com/errata/RHSA-2026:7681"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2006-10002"
    },
    {
      "type": "REPORT",
      "url": "https://access.redhat.com/security/cve/CVE-2006-10003"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2448999"
    },
    {
      "type": "REPORT",
      "url": "https://bugzilla.redhat.com/2449001"
    },
    {
      "type": "ADVISORY",
      "url": "https://errata.almalinux.org/8/ALSA-2026-7681.html"
    }
  ],
  "related": [
    "CVE-2006-10003",
    "CVE-2006-10002"
  ],
  "summary": "Important: perl-XML-Parser security update"
}

CERTFR-2026-AVI-0667

Vulnerability from certfr_avis - Published: 2026-05-29 - Updated: 2026-05-29

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Cognos Analytics	Cognos Analytics Mobile versions antérieures à 1.1.26
IBM	Sterling Control Center	Sterling Control Center versions 6.3.1.0 sans le correctif iFix09
IBM	Tivoli Monitoring	Tivoli Monitoring sans le dernier correctif de sécurité
IBM	QRadar SIEM	QRadar SIEM versions 7.5.0 antérieures à 7.5.0 UP15 IF03
IBM	Sterling Control Center	Sterling Control Center versions 6.4.2.0 sans le correctif iFix04
IBM	QRadar Suite Software	QRadar Suite Software versions antérieures à 1.11.11.0
IBM	N/A	Analyst Workflow versions antérieures à 3.1.0
IBM	Cloud Pak	Cloud Pak for Security versions antérieures à 1.11.11.0
IBM	Sterling Control Center	Sterling Control Center versions 6.4.1.0 sans le correctif iFix03

References

Title

Publication Time

FKIE_CVE-2006-10003

Vulnerability from fkie_nvd - Published: 2026-03-19 12:16 - Updated: 2026-06-30 03:16

Severity

9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
9b29abf9-4ab0-4765-b253-1875cd9b441e	https://github.com/cpan-authors/XML-Parser/commit/3eb9cc95420fa0c3f76947c4708962546bf27cfd.patch	Patch
9b29abf9-4ab0-4765-b253-1875cd9b441e	https://github.com/cpan-authors/XML-Parser/issues/39	Issue Tracking
9b29abf9-4ab0-4765-b253-1875cd9b441e	https://rt.cpan.org/Ticket/Display.html?id=19860	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2026/03/19/2	Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2026/04/msg00002.html
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:7679
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:7680
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:7681
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:8577
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:8578
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:8608
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:8609
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:8610
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:9110
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:9246
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:9258
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:9259
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/errata/RHSA-2026:9605
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://access.redhat.com/security/cve/CVE-2006-10003
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://bugzilla.redhat.com/show_bug.cgi?id=2448999
0b0ca135-0b70-47e7-9f44-1890c2a1c46c	https://security.access.redhat.com/data/csaf/v2/vex/2006/cve-2006-10003.json

Impacted products

	Vendor	Product	Version
	toddr	xml\	\

JSON

To clipboard

{
  "affected": [
    {
      "affectedData": [
        {
          "collectionURL": "https://cpan.org/modules",
          "defaultStatus": "unaffected",
          "packageName": "XML-Parser",
          "product": "XML::Parser",
          "programFiles": [
            "Expat.xs"
          ],
          "programRoutines": [
            {
              "name": "startElement"
            }
          ],
          "repo": "http://github.com/toddr/XML-Parser",
          "vendor": "TODDR",
          "versions": [
            {
              "lessThanOrEqual": "2.47",
              "status": "affected",
              "version": "0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e"
    },
    {
      "affectedData": [
        {
          "cpes": [
            "cpe:/o:redhat:rhel_els:7"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux Server (v. 7 ELS)",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/o:redhat:enterprise_linux_eus:10.0"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux AppStream EUS (v. 10.0)",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:10.1"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux AppStream (v. 10)",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:8::appstream"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux AppStream (v. 8)",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.2::appstream"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux AppStream AUS (v. 8.2)",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux AppStream AUS (v.8.4)",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:rhel_eus_long_life:8.4::appstream"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux AppStream EUS EXTENSION (v.8.4)",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:rhel_aus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux AppStream AUS (v.8.6)",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux AppStream E4S (v.8.6)",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:rhel_tus:8.6::appstream"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux AppStream TUS (v.8.6)",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux AppStream E4S (v.8.8)",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:rhel_tus:8.8::appstream"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux AppStream TUS (v.8.8)",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.0::appstream"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux AppStream E4S (v.9.0)",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:rhel_e4s:9.2::appstream"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux AppStream E4S (v.9.2)",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.4::appstream"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux AppStream EUS (v.9.4)",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:rhel_eus:9.6::appstream"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux AppStream EUS (v.9.6)",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/a:redhat:enterprise_linux:9::appstream"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux AppStream (v. 9)",
          "vendor": "Red Hat"
        },
        {
          "cpes": [
            "cpe:/o:redhat:enterprise_linux:6"
          ],
          "defaultStatus": "affected",
          "product": "Red Hat Enterprise Linux 6",
          "vendor": "Red Hat"
        }
      ],
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c"
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:toddr:xml\\:\\:parser:*:*:*:*:*:perl:*:*",
              "matchCriteriaId": "11A15992-D3C4-4604-88DF-DF2E7872FEFD",
              "versionEndExcluding": "2.48",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack.\n\nIn the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer.\n\nThe bug can be observed when parsing an XML file with very deep element nesting"
    },
    {
      "lang": "es",
      "value": "Las versiones de XML::Parser hasta la 2.47 para Perl tienen un desbordamiento de b\u00fafer de mont\u00f3n por un error de uno en st_serial_stack.\n\nEn el caso (stackptr == stacksize - 1), la pila NO se expandir\u00e1. Luego, el nuevo valor se escribir\u00e1 en la ubicaci\u00f3n (++stackptr), que es igual a stacksize y, por lo tanto, cae justo fuera del b\u00fafer asignado.\n\nEl error se puede observar al analizar un archivo XML con anidamiento de elementos muy profundo."
    }
  ],
  "id": "CVE-2006-10003",
  "lastModified": "2026-06-30T03:16:38.650",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
        "type": "Secondary"
      }
    ],
    "ssvcV203": [
      {
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "ssvcData": {
          "id": "CVE-2006-10003",
          "options": [
            {
              "exploitation": "none"
            },
            {
              "automatable": "yes"
            },
            {
              "technicalImpact": "total"
            }
          ],
          "role": "CISA Coordinator",
          "timestamp": "2026-03-19T17:08:41.621885Z",
          "version": "2.0.3"
        }
      }
    ]
  },
  "published": "2026-03-19T12:16:17.047",
  "references": [
    {
      "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/cpan-authors/XML-Parser/commit/3eb9cc95420fa0c3f76947c4708962546bf27cfd.patch"
    },
    {
      "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://github.com/cpan-authors/XML-Parser/issues/39"
    },
    {
      "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
      "tags": [
        "Mailing List"
      ],
      "url": "https://rt.cpan.org/Ticket/Display.html?id=19860"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2026/03/19/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00002.html"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:7679"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:7680"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:7681"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:8577"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:8578"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:8608"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:8609"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:8610"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:9110"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:9246"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:9258"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:9259"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/errata/RHSA-2026:9605"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://access.redhat.com/security/cve/CVE-2006-10003"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448999"
    },
    {
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2006/cve-2006-10003.json"
    }
  ],
  "sourceIdentifier": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-122"
        },
        {
          "lang": "en",
          "value": "CWE-193"
        }
      ],
      "source": "9b29abf9-4ab0-4765-b253-1875cd9b441e",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-193"
        }
      ],
      "source": "0b0ca135-0b70-47e7-9f44-1890c2a1c46c",
      "type": "Secondary"
    }
  ]
}

GHSA-X2WR-F89P-CQWH

Vulnerability from github – Published: 2026-03-19 12:30 – Updated: 2026-06-30 03:35

Details

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack.

In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer.

The bug can be observed when parsing an XML file with very deep element nesting

Severity

9.8 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-10003"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-122",
      "CWE-193"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-03-19T12:16:17Z",
    "severity": "CRITICAL"
  },
  "details": "XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack.\n\nIn the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer.\n\nThe bug can be observed when parsing an XML file with very deep element nesting",
  "id": "GHSA-x2wr-f89p-cqwh",
  "modified": "2026-06-30T03:35:56Z",
  "published": "2026-03-19T12:30:32Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-10003"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cpan-authors/XML-Parser/issues/39"
    },
    {
      "type": "WEB",
      "url": "https://github.com/cpan-authors/XML-Parser/commit/3eb9cc95420fa0c3f76947c4708962546bf27cfd.patch"
    },
    {
      "type": "WEB",
      "url": "https://security.access.redhat.com/data/csaf/v2/vex/2006/cve-2006-10003.json"
    },
    {
      "type": "WEB",
      "url": "https://rt.cpan.org/Ticket/Display.html?id=19860"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2026/04/msg00002.html"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448999"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2006-10003"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:9605"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:9259"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:9258"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:9246"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:9110"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:8610"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:8609"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:8608"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:8578"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:8577"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:7681"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:7680"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2026:7679"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/03/19/2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

MSRC_CVE-2006-10003

Vulnerability from csaf_microsoft - Published: 2026-03-02 00:00 - Updated: 2026-04-08 01:40

Summary

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

CVE-2006-10003

9.8 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-193 - Off-by-one Error

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 21069-17084		—

Known affected 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 17084-1		—	Vendor Fix fix

References

4 references

URL	Category
https://msrc.microsoft.com/csaf/vex/2026/msrc_cve…	self
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/csaf/vex/2026/msrc_cve…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2006-10003 XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2006-10003.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack",
    "tracking": {
      "current_release_date": "2026-04-08T01:40:48.000Z",
      "generator": {
        "date": "2026-04-08T07:12:41.718Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2006-10003",
      "initial_release_date": "2026-03-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2026-03-20T01:04:51.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        },
        {
          "date": "2026-04-08T01:40:48.000Z",
          "legacy_version": "2",
          "number": "2",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.0",
                "product": {
                  "name": "Azure Linux 3.0",
                  "product_id": "17084"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cazl3 perl-XML-Parser 2.47-1",
                "product": {
                  "name": "\u003cazl3 perl-XML-Parser 2.47-1",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "azl3 perl-XML-Parser 2.47-1",
                "product": {
                  "name": "azl3 perl-XML-Parser 2.47-1",
                  "product_id": "21069"
                }
              }
            ],
            "category": "product_name",
            "name": "perl-XML-Parser"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003cazl3 perl-XML-Parser 2.47-1 as a component of Azure Linux 3.0",
          "product_id": "17084-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "17084"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "azl3 perl-XML-Parser 2.47-1 as a component of Azure Linux 3.0",
          "product_id": "21069-17084"
        },
        "product_reference": "21069",
        "relates_to_product_reference": "17084"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2006-10003",
      "cwe": {
        "id": "CWE-193",
        "name": "Off-by-one Error"
      },
      "notes": [
        {
          "category": "general",
          "text": "CPANSec",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "21069-17084"
        ],
        "known_affected": [
          "17084-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2006-10003 XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2006-10003.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-03-20T01:04:51.000Z",
          "details": "2.47-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "17084-1"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "temporalScore": 9.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "17084-1"
          ]
        }
      ],
      "title": "XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack"
    }
  ]
}

RHSA-2026:7679

Vulnerability from csaf_redhat - Published: 2026-04-13 03:10 - Updated: 2026-06-30 04:34

Summary

Red Hat Security Advisory: perl-XML-Parser security update

Severity

Important

Notes

Topic: An update for perl-XML-Parser is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark's expat library. Each call to one of the parsing methods creates a new instance of XML::Parser::Expat which is then used to parse the document. Expat options may be provided when the XML::Parser object is created. These options are then passed on to the Expat object on each parse call. They can also be given as extra arguments to the parse methods, in which case they override options given at XML::Parser creation time. Security Fix(es): * perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files (CVE-2006-10003) * perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input (CVE-2006-10002) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2006-10002

A flaw was found in XML::Parser for Perl. This vulnerability allows an attacker to cause a heap corruption, which can lead to a denial of service (DoS) by crashing the application. The issue occurs when the software processes specially crafted XML input, causing an internal buffer to overflow. This overflow can corrupt memory, leading to instability and application termination.

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-131 - Incorrect Calculation of Buffer Size

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2006-10003

A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory corruption.

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-193 - Off-by-one Error

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Important

References

19 references

URL	Category
https://access.redhat.com/errata/RHSA-2026:7679	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2448999	external
https://bugzilla.redhat.com/show_bug.cgi?id=2449001	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2006-10002	self
https://bugzilla.redhat.com/show_bug.cgi?id=2449001	external
https://www.cve.org/CVERecord?id=CVE-2006-10002	external
https://nvd.nist.gov/vuln/detail/CVE-2006-10002	external
https://github.com/cpan-authors/XML-Parser/commit…	external
https://github.com/cpan-authors/XML-Parser/issues/64	external
https://rt.cpan.org/Ticket/Display.html?id=19859	external
https://access.redhat.com/security/cve/CVE-2006-10003	self
https://bugzilla.redhat.com/show_bug.cgi?id=2448999	external
https://www.cve.org/CVERecord?id=CVE-2006-10003	external
https://nvd.nist.gov/vuln/detail/CVE-2006-10003	external
https://github.com/cpan-authors/XML-Parser/commit…	external
https://github.com/cpan-authors/XML-Parser/issues/39	external
https://rt.cpan.org/Ticket/Display.html?id=19860	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for perl-XML-Parser is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark\u0027s expat library. Each call to one of the parsing methods creates a new instance of XML::Parser::Expat which is then used to parse the document. Expat options may be provided when the XML::Parser object is created. These options are then passed on to the Expat object on each parse call. They can also be given as extra arguments to the parse methods, in which case they override options given at XML::Parser creation time.\n\nSecurity Fix(es):\n\n* perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files (CVE-2006-10003)\n\n* perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input (CVE-2006-10002)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:7679",
        "url": "https://access.redhat.com/errata/RHSA-2026:7679"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2448999",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448999"
      },
      {
        "category": "external",
        "summary": "2449001",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449001"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7679.json"
      }
    ],
    "title": "Red Hat Security Advisory: perl-XML-Parser security update",
    "tracking": {
      "current_release_date": "2026-06-30T04:34:40+00:00",
      "generator": {
        "date": "2026-06-30T04:34:40+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.3.0"
        }
      },
      "id": "RHSA-2026:7679",
      "initial_release_date": "2026-04-13T03:10:07+00:00",
      "revision_history": [
        {
          "date": "2026-04-13T03:10:07+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-04-13T03:10:07+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-30T04:34:40+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 9)",
                  "product_id": "AppStream-9.7.0.Z.MAIN",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "perl-XML-Parser-0:2.46-9.1.el9_7.src",
                "product": {
                  "name": "perl-XML-Parser-0:2.46-9.1.el9_7.src",
                  "product_id": "perl-XML-Parser-0:2.46-9.1.el9_7.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser@2.46-9.1.el9_7?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "perl-XML-Parser-0:2.46-9.1.el9_7.aarch64",
                "product": {
                  "name": "perl-XML-Parser-0:2.46-9.1.el9_7.aarch64",
                  "product_id": "perl-XML-Parser-0:2.46-9.1.el9_7.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser@2.46-9.1.el9_7?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.aarch64",
                "product": {
                  "name": "perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.aarch64",
                  "product_id": "perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser-debugsource@2.46-9.1.el9_7?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.aarch64",
                "product": {
                  "name": "perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.aarch64",
                  "product_id": "perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser-debuginfo@2.46-9.1.el9_7?arch=aarch64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "perl-XML-Parser-0:2.46-9.1.el9_7.ppc64le",
                "product": {
                  "name": "perl-XML-Parser-0:2.46-9.1.el9_7.ppc64le",
                  "product_id": "perl-XML-Parser-0:2.46-9.1.el9_7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser@2.46-9.1.el9_7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.ppc64le",
                "product": {
                  "name": "perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.ppc64le",
                  "product_id": "perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser-debugsource@2.46-9.1.el9_7?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.ppc64le",
                "product": {
                  "name": "perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.ppc64le",
                  "product_id": "perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser-debuginfo@2.46-9.1.el9_7?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "perl-XML-Parser-0:2.46-9.1.el9_7.x86_64",
                "product": {
                  "name": "perl-XML-Parser-0:2.46-9.1.el9_7.x86_64",
                  "product_id": "perl-XML-Parser-0:2.46-9.1.el9_7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser@2.46-9.1.el9_7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.x86_64",
                "product": {
                  "name": "perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.x86_64",
                  "product_id": "perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser-debugsource@2.46-9.1.el9_7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.x86_64",
                "product": {
                  "name": "perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.x86_64",
                  "product_id": "perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser-debuginfo@2.46-9.1.el9_7?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "perl-XML-Parser-0:2.46-9.1.el9_7.s390x",
                "product": {
                  "name": "perl-XML-Parser-0:2.46-9.1.el9_7.s390x",
                  "product_id": "perl-XML-Parser-0:2.46-9.1.el9_7.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser@2.46-9.1.el9_7?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.s390x",
                "product": {
                  "name": "perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.s390x",
                  "product_id": "perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser-debugsource@2.46-9.1.el9_7?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.s390x",
                "product": {
                  "name": "perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.s390x",
                  "product_id": "perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser-debuginfo@2.46-9.1.el9_7?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-0:2.46-9.1.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.aarch64"
        },
        "product_reference": "perl-XML-Parser-0:2.46-9.1.el9_7.aarch64",
        "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-0:2.46-9.1.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.ppc64le"
        },
        "product_reference": "perl-XML-Parser-0:2.46-9.1.el9_7.ppc64le",
        "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-0:2.46-9.1.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.s390x"
        },
        "product_reference": "perl-XML-Parser-0:2.46-9.1.el9_7.s390x",
        "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-0:2.46-9.1.el9_7.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.src"
        },
        "product_reference": "perl-XML-Parser-0:2.46-9.1.el9_7.src",
        "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-0:2.46-9.1.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.x86_64"
        },
        "product_reference": "perl-XML-Parser-0:2.46-9.1.el9_7.x86_64",
        "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.aarch64"
        },
        "product_reference": "perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.aarch64",
        "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.ppc64le"
        },
        "product_reference": "perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.ppc64le",
        "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.s390x"
        },
        "product_reference": "perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.s390x",
        "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.x86_64"
        },
        "product_reference": "perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.x86_64",
        "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.aarch64"
        },
        "product_reference": "perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.aarch64",
        "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.ppc64le"
        },
        "product_reference": "perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.ppc64le",
        "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.s390x"
        },
        "product_reference": "perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.s390x",
        "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
          "product_id": "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.x86_64"
        },
        "product_reference": "perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.x86_64",
        "relates_to_product_reference": "AppStream-9.7.0.Z.MAIN"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2006-10002",
      "cwe": {
        "id": "CWE-131",
        "name": "Incorrect Calculation of Buffer Size"
      },
      "discovery_date": "2026-03-19T12:01:47.309038+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2449001"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in XML::Parser for Perl. This vulnerability allows an attacker to cause a heap corruption, which can lead to a denial of service (DoS) by crashing the application. The issue occurs when the software processes specially crafted XML input, causing an internal buffer to overflow. This overflow can corrupt memory, leading to instability and application termination.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.aarch64",
          "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.ppc64le",
          "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.s390x",
          "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.src",
          "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.x86_64",
          "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.aarch64",
          "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.ppc64le",
          "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.s390x",
          "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.x86_64",
          "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.aarch64",
          "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.ppc64le",
          "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.s390x",
          "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-10002"
        },
        {
          "category": "external",
          "summary": "RHBZ#2449001",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449001"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-10002",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-10002"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-10002",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-10002"
        },
        {
          "category": "external",
          "summary": "https://github.com/cpan-authors/XML-Parser/commit/6b291f4d260fc124a6ec80382b87a918f372bc6b.patch",
          "url": "https://github.com/cpan-authors/XML-Parser/commit/6b291f4d260fc124a6ec80382b87a918f372bc6b.patch"
        },
        {
          "category": "external",
          "summary": "https://github.com/cpan-authors/XML-Parser/issues/64",
          "url": "https://github.com/cpan-authors/XML-Parser/issues/64"
        },
        {
          "category": "external",
          "summary": "https://rt.cpan.org/Ticket/Display.html?id=19859",
          "url": "https://rt.cpan.org/Ticket/Display.html?id=19859"
        }
      ],
      "release_date": "2026-03-19T11:03:46.888000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-13T03:10:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.aarch64",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.ppc64le",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.s390x",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.src",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.x86_64",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.aarch64",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.ppc64le",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.s390x",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.x86_64",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.aarch64",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.ppc64le",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.s390x",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:7679"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.aarch64",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.ppc64le",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.s390x",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.src",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.x86_64",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.aarch64",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.ppc64le",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.s390x",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.x86_64",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.aarch64",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.ppc64le",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.s390x",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.aarch64",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.ppc64le",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.s390x",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.src",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.x86_64",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.aarch64",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.ppc64le",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.s390x",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.x86_64",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.aarch64",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.ppc64le",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.s390x",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input"
    },
    {
      "cve": "CVE-2006-10003",
      "cwe": {
        "id": "CWE-193",
        "name": "Off-by-one Error"
      },
      "discovery_date": "2026-03-19T12:01:39.997535+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2448999"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory corruption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.aarch64",
          "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.ppc64le",
          "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.s390x",
          "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.src",
          "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.x86_64",
          "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.aarch64",
          "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.ppc64le",
          "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.s390x",
          "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.x86_64",
          "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.aarch64",
          "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.ppc64le",
          "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.s390x",
          "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-10003"
        },
        {
          "category": "external",
          "summary": "RHBZ#2448999",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448999"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-10003",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-10003"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-10003",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-10003"
        },
        {
          "category": "external",
          "summary": "https://github.com/cpan-authors/XML-Parser/commit/3eb9cc95420fa0c3f76947c4708962546bf27cfd.patch",
          "url": "https://github.com/cpan-authors/XML-Parser/commit/3eb9cc95420fa0c3f76947c4708962546bf27cfd.patch"
        },
        {
          "category": "external",
          "summary": "https://github.com/cpan-authors/XML-Parser/issues/39",
          "url": "https://github.com/cpan-authors/XML-Parser/issues/39"
        },
        {
          "category": "external",
          "summary": "https://rt.cpan.org/Ticket/Display.html?id=19860",
          "url": "https://rt.cpan.org/Ticket/Display.html?id=19860"
        }
      ],
      "release_date": "2026-03-19T11:08:04.341000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-13T03:10:07+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.aarch64",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.ppc64le",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.s390x",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.src",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.x86_64",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.aarch64",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.ppc64le",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.s390x",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.x86_64",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.aarch64",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.ppc64le",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.s390x",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:7679"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.aarch64",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.ppc64le",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.s390x",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.src",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.x86_64",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.aarch64",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.ppc64le",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.s390x",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.x86_64",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.aarch64",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.ppc64le",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.s390x",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.aarch64",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.ppc64le",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.s390x",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.src",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-0:2.46-9.1.el9_7.x86_64",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.aarch64",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.ppc64le",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.s390x",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debuginfo-0:2.46-9.1.el9_7.x86_64",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.aarch64",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.ppc64le",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.s390x",
            "AppStream-9.7.0.Z.MAIN:perl-XML-Parser-debugsource-0:2.46-9.1.el9_7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files"
    }
  ]
}

RHSA-2026:7680

Vulnerability from csaf_redhat - Published: 2026-04-13 02:23 - Updated: 2026-06-30 04:34

Summary

Red Hat Security Advisory: perl-XML-Parser security update

Severity

Important

Notes

Topic: An update for perl-XML-Parser is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

CVE-2006-10002

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-131 - Incorrect Calculation of Buffer Size

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2006-10003

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-193 - Off-by-one Error

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Important

References

19 references

URL	Category
https://access.redhat.com/errata/RHSA-2026:7680	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2448999	external
https://bugzilla.redhat.com/show_bug.cgi?id=2449001	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2006-10002	self
https://bugzilla.redhat.com/show_bug.cgi?id=2449001	external
https://www.cve.org/CVERecord?id=CVE-2006-10002	external
https://nvd.nist.gov/vuln/detail/CVE-2006-10002	external
https://github.com/cpan-authors/XML-Parser/commit…	external
https://github.com/cpan-authors/XML-Parser/issues/64	external
https://rt.cpan.org/Ticket/Display.html?id=19859	external
https://access.redhat.com/security/cve/CVE-2006-10003	self
https://bugzilla.redhat.com/show_bug.cgi?id=2448999	external
https://www.cve.org/CVERecord?id=CVE-2006-10003	external
https://nvd.nist.gov/vuln/detail/CVE-2006-10003	external
https://github.com/cpan-authors/XML-Parser/commit…	external
https://github.com/cpan-authors/XML-Parser/issues/39	external
https://rt.cpan.org/Ticket/Display.html?id=19860	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for perl-XML-Parser is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark\u0027s expat library. Each call to one of the parsing methods creates a new instance of XML::Parser::Expat which is then used to parse the document. Expat options may be provided when the XML::Parser object is created. These options are then passed on to the Expat object on each parse call. They can also be given as extra arguments to the parse methods, in which case they override options given at XML::Parser creation time.\n\nSecurity Fix(es):\n\n* perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files (CVE-2006-10003)\n\n* perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input (CVE-2006-10002)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:7680",
        "url": "https://access.redhat.com/errata/RHSA-2026:7680"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2448999",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448999"
      },
      {
        "category": "external",
        "summary": "2449001",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449001"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7680.json"
      }
    ],
    "title": "Red Hat Security Advisory: perl-XML-Parser security update",
    "tracking": {
      "current_release_date": "2026-06-30T04:34:40+00:00",
      "generator": {
        "date": "2026-06-30T04:34:40+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.3.0"
        }
      },
      "id": "RHSA-2026:7680",
      "initial_release_date": "2026-04-13T02:23:46+00:00",
      "revision_history": [
        {
          "date": "2026-04-13T02:23:46+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-04-13T02:23:46+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-30T04:34:40+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 10)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 10)",
                  "product_id": "AppStream-10.1.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:10.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "perl-XML-Parser-0:2.47-6.1.el10_1.src",
                "product": {
                  "name": "perl-XML-Parser-0:2.47-6.1.el10_1.src",
                  "product_id": "perl-XML-Parser-0:2.47-6.1.el10_1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser@2.47-6.1.el10_1?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "perl-XML-Parser-0:2.47-6.1.el10_1.aarch64",
                "product": {
                  "name": "perl-XML-Parser-0:2.47-6.1.el10_1.aarch64",
                  "product_id": "perl-XML-Parser-0:2.47-6.1.el10_1.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser@2.47-6.1.el10_1?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.aarch64",
                "product": {
                  "name": "perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.aarch64",
                  "product_id": "perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser-debugsource@2.47-6.1.el10_1?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.aarch64",
                "product": {
                  "name": "perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.aarch64",
                  "product_id": "perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser-debuginfo@2.47-6.1.el10_1?arch=aarch64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "perl-XML-Parser-0:2.47-6.1.el10_1.ppc64le",
                "product": {
                  "name": "perl-XML-Parser-0:2.47-6.1.el10_1.ppc64le",
                  "product_id": "perl-XML-Parser-0:2.47-6.1.el10_1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser@2.47-6.1.el10_1?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.ppc64le",
                "product": {
                  "name": "perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.ppc64le",
                  "product_id": "perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser-debugsource@2.47-6.1.el10_1?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.ppc64le",
                "product": {
                  "name": "perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.ppc64le",
                  "product_id": "perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser-debuginfo@2.47-6.1.el10_1?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "perl-XML-Parser-0:2.47-6.1.el10_1.x86_64",
                "product": {
                  "name": "perl-XML-Parser-0:2.47-6.1.el10_1.x86_64",
                  "product_id": "perl-XML-Parser-0:2.47-6.1.el10_1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser@2.47-6.1.el10_1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.x86_64",
                "product": {
                  "name": "perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.x86_64",
                  "product_id": "perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser-debugsource@2.47-6.1.el10_1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.x86_64",
                "product": {
                  "name": "perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.x86_64",
                  "product_id": "perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser-debuginfo@2.47-6.1.el10_1?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "perl-XML-Parser-0:2.47-6.1.el10_1.s390x",
                "product": {
                  "name": "perl-XML-Parser-0:2.47-6.1.el10_1.s390x",
                  "product_id": "perl-XML-Parser-0:2.47-6.1.el10_1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser@2.47-6.1.el10_1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.s390x",
                "product": {
                  "name": "perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.s390x",
                  "product_id": "perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser-debugsource@2.47-6.1.el10_1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.s390x",
                "product": {
                  "name": "perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.s390x",
                  "product_id": "perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser-debuginfo@2.47-6.1.el10_1?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-0:2.47-6.1.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.aarch64"
        },
        "product_reference": "perl-XML-Parser-0:2.47-6.1.el10_1.aarch64",
        "relates_to_product_reference": "AppStream-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-0:2.47-6.1.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.ppc64le"
        },
        "product_reference": "perl-XML-Parser-0:2.47-6.1.el10_1.ppc64le",
        "relates_to_product_reference": "AppStream-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-0:2.47-6.1.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.s390x"
        },
        "product_reference": "perl-XML-Parser-0:2.47-6.1.el10_1.s390x",
        "relates_to_product_reference": "AppStream-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-0:2.47-6.1.el10_1.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.src"
        },
        "product_reference": "perl-XML-Parser-0:2.47-6.1.el10_1.src",
        "relates_to_product_reference": "AppStream-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-0:2.47-6.1.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.x86_64"
        },
        "product_reference": "perl-XML-Parser-0:2.47-6.1.el10_1.x86_64",
        "relates_to_product_reference": "AppStream-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.aarch64"
        },
        "product_reference": "perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.aarch64",
        "relates_to_product_reference": "AppStream-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.ppc64le"
        },
        "product_reference": "perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.ppc64le",
        "relates_to_product_reference": "AppStream-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.s390x"
        },
        "product_reference": "perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.s390x",
        "relates_to_product_reference": "AppStream-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.x86_64"
        },
        "product_reference": "perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.x86_64",
        "relates_to_product_reference": "AppStream-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.aarch64"
        },
        "product_reference": "perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.aarch64",
        "relates_to_product_reference": "AppStream-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.ppc64le"
        },
        "product_reference": "perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.ppc64le",
        "relates_to_product_reference": "AppStream-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.s390x"
        },
        "product_reference": "perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.s390x",
        "relates_to_product_reference": "AppStream-10.1.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.x86_64"
        },
        "product_reference": "perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.x86_64",
        "relates_to_product_reference": "AppStream-10.1.Z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2006-10002",
      "cwe": {
        "id": "CWE-131",
        "name": "Incorrect Calculation of Buffer Size"
      },
      "discovery_date": "2026-03-19T12:01:47.309038+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2449001"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in XML::Parser for Perl. This vulnerability allows an attacker to cause a heap corruption, which can lead to a denial of service (DoS) by crashing the application. The issue occurs when the software processes specially crafted XML input, causing an internal buffer to overflow. This overflow can corrupt memory, leading to instability and application termination.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.aarch64",
          "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.ppc64le",
          "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.s390x",
          "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.src",
          "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.x86_64",
          "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.aarch64",
          "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.ppc64le",
          "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.s390x",
          "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.x86_64",
          "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.aarch64",
          "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.ppc64le",
          "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.s390x",
          "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-10002"
        },
        {
          "category": "external",
          "summary": "RHBZ#2449001",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449001"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-10002",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-10002"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-10002",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-10002"
        },
        {
          "category": "external",
          "summary": "https://github.com/cpan-authors/XML-Parser/commit/6b291f4d260fc124a6ec80382b87a918f372bc6b.patch",
          "url": "https://github.com/cpan-authors/XML-Parser/commit/6b291f4d260fc124a6ec80382b87a918f372bc6b.patch"
        },
        {
          "category": "external",
          "summary": "https://github.com/cpan-authors/XML-Parser/issues/64",
          "url": "https://github.com/cpan-authors/XML-Parser/issues/64"
        },
        {
          "category": "external",
          "summary": "https://rt.cpan.org/Ticket/Display.html?id=19859",
          "url": "https://rt.cpan.org/Ticket/Display.html?id=19859"
        }
      ],
      "release_date": "2026-03-19T11:03:46.888000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-13T02:23:46+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.aarch64",
            "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.ppc64le",
            "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.s390x",
            "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.src",
            "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.x86_64",
            "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.aarch64",
            "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.ppc64le",
            "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.s390x",
            "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.x86_64",
            "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.aarch64",
            "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.ppc64le",
            "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.s390x",
            "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:7680"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.aarch64",
            "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.ppc64le",
            "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.s390x",
            "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.src",
            "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.x86_64",
            "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.aarch64",
            "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.ppc64le",
            "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.s390x",
            "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.x86_64",
            "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.aarch64",
            "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.ppc64le",
            "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.s390x",
            "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.aarch64",
            "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.ppc64le",
            "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.s390x",
            "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.src",
            "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.x86_64",
            "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.aarch64",
            "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.ppc64le",
            "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.s390x",
            "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.x86_64",
            "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.aarch64",
            "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.ppc64le",
            "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.s390x",
            "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input"
    },
    {
      "cve": "CVE-2006-10003",
      "cwe": {
        "id": "CWE-193",
        "name": "Off-by-one Error"
      },
      "discovery_date": "2026-03-19T12:01:39.997535+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2448999"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory corruption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.aarch64",
          "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.ppc64le",
          "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.s390x",
          "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.src",
          "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.x86_64",
          "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.aarch64",
          "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.ppc64le",
          "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.s390x",
          "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.x86_64",
          "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.aarch64",
          "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.ppc64le",
          "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.s390x",
          "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-10003"
        },
        {
          "category": "external",
          "summary": "RHBZ#2448999",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448999"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-10003",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-10003"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-10003",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-10003"
        },
        {
          "category": "external",
          "summary": "https://github.com/cpan-authors/XML-Parser/commit/3eb9cc95420fa0c3f76947c4708962546bf27cfd.patch",
          "url": "https://github.com/cpan-authors/XML-Parser/commit/3eb9cc95420fa0c3f76947c4708962546bf27cfd.patch"
        },
        {
          "category": "external",
          "summary": "https://github.com/cpan-authors/XML-Parser/issues/39",
          "url": "https://github.com/cpan-authors/XML-Parser/issues/39"
        },
        {
          "category": "external",
          "summary": "https://rt.cpan.org/Ticket/Display.html?id=19860",
          "url": "https://rt.cpan.org/Ticket/Display.html?id=19860"
        }
      ],
      "release_date": "2026-03-19T11:08:04.341000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-13T02:23:46+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.aarch64",
            "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.ppc64le",
            "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.s390x",
            "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.src",
            "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.x86_64",
            "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.aarch64",
            "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.ppc64le",
            "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.s390x",
            "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.x86_64",
            "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.aarch64",
            "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.ppc64le",
            "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.s390x",
            "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:7680"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.aarch64",
            "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.ppc64le",
            "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.s390x",
            "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.src",
            "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.x86_64",
            "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.aarch64",
            "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.ppc64le",
            "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.s390x",
            "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.x86_64",
            "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.aarch64",
            "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.ppc64le",
            "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.s390x",
            "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.aarch64",
            "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.ppc64le",
            "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.s390x",
            "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.src",
            "AppStream-10.1.Z:perl-XML-Parser-0:2.47-6.1.el10_1.x86_64",
            "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.aarch64",
            "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.ppc64le",
            "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.s390x",
            "AppStream-10.1.Z:perl-XML-Parser-debuginfo-0:2.47-6.1.el10_1.x86_64",
            "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.aarch64",
            "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.ppc64le",
            "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.s390x",
            "AppStream-10.1.Z:perl-XML-Parser-debugsource-0:2.47-6.1.el10_1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files"
    }
  ]
}

RHSA-2026:7681

Vulnerability from csaf_redhat - Published: 2026-04-13 02:55 - Updated: 2026-06-30 04:34

Summary

Red Hat Security Advisory: perl-XML-Parser security update

Severity

Important

Notes

Topic: An update for perl-XML-Parser is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

CVE-2006-10002

6.5 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-131 - Incorrect Calculation of Buffer Size

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2006-10003

8.8 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-193 - Off-by-one Error

Affected products

Fixed 13 products

Product	Version	Remediation
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Important

References

19 references

URL	Category
https://access.redhat.com/errata/RHSA-2026:7681	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2448999	external
https://bugzilla.redhat.com/show_bug.cgi?id=2449001	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2006-10002	self
https://bugzilla.redhat.com/show_bug.cgi?id=2449001	external
https://www.cve.org/CVERecord?id=CVE-2006-10002	external
https://nvd.nist.gov/vuln/detail/CVE-2006-10002	external
https://github.com/cpan-authors/XML-Parser/commit…	external
https://github.com/cpan-authors/XML-Parser/issues/64	external
https://rt.cpan.org/Ticket/Display.html?id=19859	external
https://access.redhat.com/security/cve/CVE-2006-10003	self
https://bugzilla.redhat.com/show_bug.cgi?id=2448999	external
https://www.cve.org/CVERecord?id=CVE-2006-10003	external
https://nvd.nist.gov/vuln/detail/CVE-2006-10003	external
https://github.com/cpan-authors/XML-Parser/commit…	external
https://github.com/cpan-authors/XML-Parser/issues/39	external
https://rt.cpan.org/Ticket/Display.html?id=19860	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for perl-XML-Parser is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark\u0027s expat library. Each call to one of the parsing methods creates a new instance of XML::Parser::Expat which is then used to parse the document. Expat options may be provided when the XML::Parser object is created. These options are then passed on to the Expat object on each parse call. They can also be given as extra arguments to the parse methods, in which case they override options given at XML::Parser creation time.\n\nSecurity Fix(es):\n\n* perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files (CVE-2006-10003)\n\n* perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input (CVE-2006-10002)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:7681",
        "url": "https://access.redhat.com/errata/RHSA-2026:7681"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2448999",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448999"
      },
      {
        "category": "external",
        "summary": "2449001",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449001"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_7681.json"
      }
    ],
    "title": "Red Hat Security Advisory: perl-XML-Parser security update",
    "tracking": {
      "current_release_date": "2026-06-30T04:34:40+00:00",
      "generator": {
        "date": "2026-06-30T04:34:40+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "5.3.0"
        }
      },
      "id": "RHSA-2026:7681",
      "initial_release_date": "2026-04-13T02:55:37+00:00",
      "revision_history": [
        {
          "date": "2026-04-13T02:55:37+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-04-13T02:55:37+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-06-30T04:34:40+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 8)",
                  "product_id": "AppStream-8.10.0.Z.MAIN.EUS",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "perl-XML-Parser-0:2.44-12.el8_10.src",
                "product": {
                  "name": "perl-XML-Parser-0:2.44-12.el8_10.src",
                  "product_id": "perl-XML-Parser-0:2.44-12.el8_10.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser@2.44-12.el8_10?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "perl-XML-Parser-0:2.44-12.el8_10.aarch64",
                "product": {
                  "name": "perl-XML-Parser-0:2.44-12.el8_10.aarch64",
                  "product_id": "perl-XML-Parser-0:2.44-12.el8_10.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser@2.44-12.el8_10?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perl-XML-Parser-debugsource-0:2.44-12.el8_10.aarch64",
                "product": {
                  "name": "perl-XML-Parser-debugsource-0:2.44-12.el8_10.aarch64",
                  "product_id": "perl-XML-Parser-debugsource-0:2.44-12.el8_10.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser-debugsource@2.44-12.el8_10?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perl-XML-Parser-debuginfo-0:2.44-12.el8_10.aarch64",
                "product": {
                  "name": "perl-XML-Parser-debuginfo-0:2.44-12.el8_10.aarch64",
                  "product_id": "perl-XML-Parser-debuginfo-0:2.44-12.el8_10.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser-debuginfo@2.44-12.el8_10?arch=aarch64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "perl-XML-Parser-0:2.44-12.el8_10.ppc64le",
                "product": {
                  "name": "perl-XML-Parser-0:2.44-12.el8_10.ppc64le",
                  "product_id": "perl-XML-Parser-0:2.44-12.el8_10.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser@2.44-12.el8_10?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perl-XML-Parser-debugsource-0:2.44-12.el8_10.ppc64le",
                "product": {
                  "name": "perl-XML-Parser-debugsource-0:2.44-12.el8_10.ppc64le",
                  "product_id": "perl-XML-Parser-debugsource-0:2.44-12.el8_10.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser-debugsource@2.44-12.el8_10?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perl-XML-Parser-debuginfo-0:2.44-12.el8_10.ppc64le",
                "product": {
                  "name": "perl-XML-Parser-debuginfo-0:2.44-12.el8_10.ppc64le",
                  "product_id": "perl-XML-Parser-debuginfo-0:2.44-12.el8_10.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser-debuginfo@2.44-12.el8_10?arch=ppc64le"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "perl-XML-Parser-0:2.44-12.el8_10.x86_64",
                "product": {
                  "name": "perl-XML-Parser-0:2.44-12.el8_10.x86_64",
                  "product_id": "perl-XML-Parser-0:2.44-12.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser@2.44-12.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perl-XML-Parser-debugsource-0:2.44-12.el8_10.x86_64",
                "product": {
                  "name": "perl-XML-Parser-debugsource-0:2.44-12.el8_10.x86_64",
                  "product_id": "perl-XML-Parser-debugsource-0:2.44-12.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser-debugsource@2.44-12.el8_10?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perl-XML-Parser-debuginfo-0:2.44-12.el8_10.x86_64",
                "product": {
                  "name": "perl-XML-Parser-debuginfo-0:2.44-12.el8_10.x86_64",
                  "product_id": "perl-XML-Parser-debuginfo-0:2.44-12.el8_10.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser-debuginfo@2.44-12.el8_10?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "perl-XML-Parser-0:2.44-12.el8_10.s390x",
                "product": {
                  "name": "perl-XML-Parser-0:2.44-12.el8_10.s390x",
                  "product_id": "perl-XML-Parser-0:2.44-12.el8_10.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser@2.44-12.el8_10?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perl-XML-Parser-debugsource-0:2.44-12.el8_10.s390x",
                "product": {
                  "name": "perl-XML-Parser-debugsource-0:2.44-12.el8_10.s390x",
                  "product_id": "perl-XML-Parser-debugsource-0:2.44-12.el8_10.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser-debugsource@2.44-12.el8_10?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "perl-XML-Parser-debuginfo-0:2.44-12.el8_10.s390x",
                "product": {
                  "name": "perl-XML-Parser-debuginfo-0:2.44-12.el8_10.s390x",
                  "product_id": "perl-XML-Parser-debuginfo-0:2.44-12.el8_10.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/perl-XML-Parser-debuginfo@2.44-12.el8_10?arch=s390x"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-0:2.44-12.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.aarch64"
        },
        "product_reference": "perl-XML-Parser-0:2.44-12.el8_10.aarch64",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-0:2.44-12.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.ppc64le"
        },
        "product_reference": "perl-XML-Parser-0:2.44-12.el8_10.ppc64le",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-0:2.44-12.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.s390x"
        },
        "product_reference": "perl-XML-Parser-0:2.44-12.el8_10.s390x",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-0:2.44-12.el8_10.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.src"
        },
        "product_reference": "perl-XML-Parser-0:2.44-12.el8_10.src",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-0:2.44-12.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.x86_64"
        },
        "product_reference": "perl-XML-Parser-0:2.44-12.el8_10.x86_64",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-debuginfo-0:2.44-12.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.aarch64"
        },
        "product_reference": "perl-XML-Parser-debuginfo-0:2.44-12.el8_10.aarch64",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-debuginfo-0:2.44-12.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.ppc64le"
        },
        "product_reference": "perl-XML-Parser-debuginfo-0:2.44-12.el8_10.ppc64le",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-debuginfo-0:2.44-12.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.s390x"
        },
        "product_reference": "perl-XML-Parser-debuginfo-0:2.44-12.el8_10.s390x",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-debuginfo-0:2.44-12.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.x86_64"
        },
        "product_reference": "perl-XML-Parser-debuginfo-0:2.44-12.el8_10.x86_64",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-debugsource-0:2.44-12.el8_10.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.aarch64"
        },
        "product_reference": "perl-XML-Parser-debugsource-0:2.44-12.el8_10.aarch64",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-debugsource-0:2.44-12.el8_10.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.ppc64le"
        },
        "product_reference": "perl-XML-Parser-debugsource-0:2.44-12.el8_10.ppc64le",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-debugsource-0:2.44-12.el8_10.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.s390x"
        },
        "product_reference": "perl-XML-Parser-debugsource-0:2.44-12.el8_10.s390x",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "perl-XML-Parser-debugsource-0:2.44-12.el8_10.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
          "product_id": "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.x86_64"
        },
        "product_reference": "perl-XML-Parser-debugsource-0:2.44-12.el8_10.x86_64",
        "relates_to_product_reference": "AppStream-8.10.0.Z.MAIN.EUS"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2006-10002",
      "cwe": {
        "id": "CWE-131",
        "name": "Incorrect Calculation of Buffer Size"
      },
      "discovery_date": "2026-03-19T12:01:47.309038+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2449001"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in XML::Parser for Perl. This vulnerability allows an attacker to cause a heap corruption, which can lead to a denial of service (DoS) by crashing the application. The issue occurs when the software processes specially crafted XML input, causing an internal buffer to overflow. This overflow can corrupt memory, leading to instability and application termination.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-10002"
        },
        {
          "category": "external",
          "summary": "RHBZ#2449001",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449001"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-10002",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-10002"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-10002",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-10002"
        },
        {
          "category": "external",
          "summary": "https://github.com/cpan-authors/XML-Parser/commit/6b291f4d260fc124a6ec80382b87a918f372bc6b.patch",
          "url": "https://github.com/cpan-authors/XML-Parser/commit/6b291f4d260fc124a6ec80382b87a918f372bc6b.patch"
        },
        {
          "category": "external",
          "summary": "https://github.com/cpan-authors/XML-Parser/issues/64",
          "url": "https://github.com/cpan-authors/XML-Parser/issues/64"
        },
        {
          "category": "external",
          "summary": "https://rt.cpan.org/Ticket/Display.html?id=19859",
          "url": "https://rt.cpan.org/Ticket/Display.html?id=19859"
        }
      ],
      "release_date": "2026-03-19T11:03:46.888000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-13T02:55:37+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:7681"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input"
    },
    {
      "cve": "CVE-2006-10003",
      "cwe": {
        "id": "CWE-193",
        "name": "Off-by-one Error"
      },
      "discovery_date": "2026-03-19T12:01:39.997535+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2448999"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in XML::Parser, a Perl module for parsing XML. This vulnerability, an off-by-one heap buffer overflow, occurs when processing an XML file with very deep element nesting. A remote attacker could exploit this by providing a specially crafted XML file, potentially leading to memory corruption.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.src",
          "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.x86_64",
          "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.aarch64",
          "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.ppc64le",
          "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.s390x",
          "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2006-10003"
        },
        {
          "category": "external",
          "summary": "RHBZ#2448999",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2448999"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2006-10003",
          "url": "https://www.cve.org/CVERecord?id=CVE-2006-10003"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2006-10003",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-10003"
        },
        {
          "category": "external",
          "summary": "https://github.com/cpan-authors/XML-Parser/commit/3eb9cc95420fa0c3f76947c4708962546bf27cfd.patch",
          "url": "https://github.com/cpan-authors/XML-Parser/commit/3eb9cc95420fa0c3f76947c4708962546bf27cfd.patch"
        },
        {
          "category": "external",
          "summary": "https://github.com/cpan-authors/XML-Parser/issues/39",
          "url": "https://github.com/cpan-authors/XML-Parser/issues/39"
        },
        {
          "category": "external",
          "summary": "https://rt.cpan.org/Ticket/Display.html?id=19860",
          "url": "https://rt.cpan.org/Ticket/Display.html?id=19860"
        }
      ],
      "release_date": "2026-03-19T11:08:04.341000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-13T02:55:37+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:7681"
        },
        {
          "category": "workaround",
          "details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
          "product_ids": [
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.src",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-0:2.44-12.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debuginfo-0:2.44-12.el8_10.x86_64",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.aarch64",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.ppc64le",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.s390x",
            "AppStream-8.10.0.Z.MAIN.EUS:perl-XML-Parser-debugsource-0:2.44-12.el8_10.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2006-10003 (GCVE-0-2006-10003)

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Vulnerability from osv_almalinux

Solutions

Tags

Sightings

Nomenclature