XML::Parser Heap Buffer Overflow Vulnerability in Perl

Vulnerability

A heap buffer overflow vulnerability has been identified in XML::Parser for Perl, affecting versions through 2.47. The issue arises in the 'st_serial_stack' management, where the stack pointer can exceed the allocated buffer size. This flaw occurs when parsing XML files with deep element nesting, leading to potential memory corruption.

Impact

Exploitation of this vulnerability causes a heap buffer overflow, which can lead to memory corruption and potentially allow for arbitrary code execution.

Reproduction

The vulnerability can be reproduced by parsing an XML file with a nesting depth of 600 elements. This deep nesting triggers the off-by-one error in the stack growth check, allowing the stack pointer to write outside the allocated buffer.
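The off-by-one described above can be modelled in C, as an added example that is not XML::Parser's code. The names, the small capacity (8 slots, grown by 8) and the assumption that the write lands one slot past the index the growth check tested are all constructed for illustration; the flawed push counts each out-of-bounds write instead of performing it.

```c
#include <stdio.h>
#include <stdlib.h>
/* Hypothetical model; names and sizes are constructed, not XML::Parser's. */
enum { INITIAL_CAP = 8, GROW_BY = 8 };
typedef struct {
    unsigned *slots;
    size_t cap;   /* allocated slots */
    size_t top;   /* index of the last used slot */
    size_t oob;   /* writes that would have landed outside slots[] */
} depth_stack;

static int grow(depth_stack *s) {
    unsigned *p = realloc(s->slots, (s->cap + GROW_BY) * sizeof *p);
    if (!p) return -1;
    s->slots = p; s->cap += GROW_BY;
    return 0;
}

/* Flawed: the check tests top, but the write goes to top + 1. */
static int push_flawed(depth_stack *s, unsigned v) {
    if (s->top >= s->cap && grow(s) != 0) return -1;
    size_t idx = s->top + 1;
    if (idx >= s->cap) s->oob++;      /* counted, never actually written */
    else s->slots[idx] = v;
    s->top = idx;
    return 0;
}

/* Corrected: the check tests the index that is about to be written. */
static int push_fixed(depth_stack *s, unsigned v) {
    if (s->top + 1 >= s->cap && grow(s) != 0) return -1;
    s->slots[++s->top] = v;
    return 0;
}

/* Simulate opening `depth` nested elements; return the out-of-bounds count. */
size_t count_oob(size_t depth, int fixed) {
    depth_stack s = { calloc(INITIAL_CAP, sizeof(unsigned)), INITIAL_CAP, 0, 0 };
    if (!s.slots) return (size_t)-1;
    for (size_t d = 1; d <= depth; d++)
        if ((fixed ? push_fixed : push_flawed)(&s, (unsigned)d) != 0) break;
    size_t oob = s.oob;
    free(s.slots);
    return oob;
}
int main(void) {
    printf("flawed: %zu, fixed: %zu\n", count_oob(600, 0), count_oob(600, 1));
    return 0;
}
```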

Remediation

Users can upgrade to XML::Parser version 2.47 or later, where this vulnerability has been fixed.

Added: Mar 19, 2026, 12:19 PM
Updated: Mar 19, 2026, 12:19 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 1.3
exploitability: 7.5
remediation: 0.0
relevance: 4.1
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.