XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack — CVE-2006-10003

Zusammenfassung

Sicherheitshinweis CVE-2006-10003. XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack Hersteller: Microsoft. Quelle: MSRC. Risiko: high. CVSS 8.6. Details in der offiziellen Quelle.

Was tun?

Allgemeine, vorsichtige Schritte (bitte prüfe die offizielle Quelle für Details):

• Priorisiere sofort Patches oder Mitigations (hohes akutes Risiko).
• Identifiziere betroffene Produktversionen und prüfe, ob du betroffen bist.
• Spiele Hersteller-Updates/Patches ein oder setze empfohlene Mitigations um.
• Lies das offizielle Advisory für betroffene Versionen und konkrete Schritte.

Offizielles Advisory

Zur offiziellen Quelle

Mehr dazu

• XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes CVE-2006-10002
• perf/core: Fix refcount bug and potential UAF in perf_mmap CVE-2026-23248
• pyasn1 Vulnerable to Denial of Service via Unbounded Recursion CVE-2026-30922
• apparmor: fix unprivileged local user can do privileged policy management CVE-2026-23268
• apparmor: validate DFA start states are in bounds in unpack_pdb CVE-2026-23269
• f2fs: fix IS_CHECKPOINTED flag inconsistency issue caused by concurrent atomic commit and checkpoint writes CVE-2026-23267
• f2fs: fix to do sanity check on node footer in {read,write}_end_io CVE-2026-23265
• nghttp2 Denial of service: Assertion failure due to the missing state validation CVE-2026-27135
• RDMA/umad: Reject negative data_len in ib_umad_write CVE-2026-23243
• Azure Data Factory Information Disclosure Vulnerability CVE-2026-23659
• Azure DevOps: msazure Elevation of Privilege Vulnerability CVE-2026-23658
• Microsoft 365 Copilot BizChat Elevation of Privilege Vulnerability CVE-2026-26137