XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack — CVE-2006-10003

Summary

Advisory CVE-2006-10003. XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack Vendor: Microsoft. Source: MSRC. Threat: high. CVSS 8.6. See the official advisory for details.

What to do

General, cautious steps (verify details in the official source):

• Prioritize patching or mitigation immediately (treat as actively risky).
• Identify affected product versions in your inventory and verify whether you are impacted.
• Apply vendor patches/updates or recommended mitigations as soon as available.
• Read the official advisory for exact affected versions and remediation steps.

Official advisory

Read the official source

Related advisories

• perf/core: Fix refcount bug and potential UAF in perf_mmap CVE-2026-23248
• pyasn1 Vulnerable to Denial of Service via Unbounded Recursion CVE-2026-30922
• apparmor: fix unprivileged local user can do privileged policy management CVE-2026-23268
• apparmor: validate DFA start states are in bounds in unpack_pdb CVE-2026-23269
• f2fs: fix IS_CHECKPOINTED flag inconsistency issue caused by concurrent atomic commit and checkpoint writes CVE-2026-23267
• f2fs: fix to do sanity check on node footer in {read,write}_end_io CVE-2026-23265
• nghttp2 Denial of service: Assertion failure due to the missing state validation CVE-2026-27135
• RDMA/umad: Reject negative data_len in ib_umad_write CVE-2026-23243
• XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes CVE-2006-10002
• Azure Data Factory Information Disclosure Vulnerability CVE-2026-23659
• Azure DevOps: msazure Elevation of Privilege Vulnerability CVE-2026-23658
• Microsoft 365 Copilot BizChat Elevation of Privilege Vulnerability CVE-2026-26137