GHSA-x2wr-f89p-cqwhCriticalCVSS 9.8

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in...

Published
March 19, 2026
Last Modified
June 30, 2026

🔗 CVE IDs covered (1)

📋 Description

XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack.

In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer.

The bug can be observed when parsing an XML file with very deep element nesting

🔗 References (23)