
=====================================================================

                            CERT-Renater

                Note d'Information No. 2026/VULN321
_____________________________________________________________________

DATE                : 20/03/2026

HARDWARE PLATFORM(S): /

OPERATING SYSTEM(S): Systems running XML::Parser for Perl versions
                               prior to 2.48.

=====================================================================
https://lists.security.metacpan.org/cve-announce/msg/38106361/
https://lists.security.metacpan.org/cve-announce/msg/38106362/
_____________________________________________________________________

========================================================================
CVE-2006-10002                                       CPAN Security Group
========================================================================

         CVE ID:  CVE-2006-10002
   Distribution:  XML-Parser
       Versions:  through 2.47

       MetaCPAN:  https://metacpan.org/dist/XML-Parser
       VCS Repo:  http://github.com/toddr/XML-Parser

XML::Parser versions through 2.47 for Perl could overflow the
pre-allocated buffer size, causing heap corruption (double free or
corruption) and crashes.

Description
-----------
XML::Parser versions through 2.47 for Perl could overflow the
pre-allocated buffer size, causing heap corruption (double free or
corruption) and crashes.

When a :utf8 PerlIO layer is in use, parse_stream() in Expat.xs could
overflow the XML input buffer because Perl's read() returns decoded
characters while SvPV() gives back multi-byte UTF-8 bytes that can
exceed the pre-allocated buffer size. This can cause heap corruption
(double free or corruption) and crashes.

Problem types
-------------
- CWE-122 Heap-based Buffer Overflow
- CWE-176 Improper Handling of Unicode Encoding

Workarounds
-----------
Apply the patch that has been publicly available since 2006-06-13.

Solutions
---------
Apply the patch that has been publicly available since 2006-06-13 or
upgrade to version 2.48 or later when it is released.

References
----------
https://rt.cpan.org/Ticket/Display.html?id=19859
https://github.com/cpan-authors/XML-Parser/issues/64
https://github.com/cpan-authors/XML-Parser/commit/6b291f4d260fc124a6ec80382b87a918f372bc6b.patch

Timeline
--------
- 2006-06-13: Issue logged in Request Tracker for XML::Parser
- 2006-08-11: Patch provided in Request Tracker for XML::Parser
- 2019-09-24: Issue migrated to github issue tracker
- 2019-09-24: Patch provided in github issue tracker
- 2026-03-16: PR created and commit merged to git repo

_____________________________________________________________________

========================================================================
CVE-2006-10003                                       CPAN Security Group
========================================================================

         CVE ID:  CVE-2006-10003
   Distribution:  XML-Parser
       Versions:  through 2.47

       MetaCPAN:  https://metacpan.org/dist/XML-Parser
       VCS Repo:  http://github.com/toddr/XML-Parser

XML::Parser versions through 2.47 for Perl have an off-by-one heap
buffer overflow in st_serial_stack.

Description
-----------
XML::Parser versions through 2.47 for Perl have an off-by-one heap
buffer overflow in st_serial_stack.

In the case (stackptr == stacksize - 1), the stack will NOT be
expanded. Then the new value will be written at location (++stackptr),
which equals stacksize and therefore falls just outside the allocated
buffer.

The bug can be observed when parsing an XML file with very deep element
nesting.
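
Added example (not code from XML::Parser or from this advisory): a C model of the boundary case described above, comparing a growth check that lets stackptr == stacksize - 1 through with one that tests stackptr + 1. The struct layout, the function names, the shape of the flawed check and the growth step of 512 are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>

/* Model of a growable serial-number stack. Names echo the advisory's
   wording; the layout and GROW step are assumptions, not Expat.xs code. */
#define GROW 512
typedef struct { unsigned *stack; size_t stackptr, stacksize; } serial_stack;
typedef int (*grow_check)(size_t stackptr, size_t stacksize);

/* Assumed flawed test: lets stackptr == stacksize - 1 through unexpanded. */
static int check_flawed(size_t p, size_t n) { return p >= n; }
/* Corrected test: the slot about to be written is stackptr + 1. */
static int check_fixed(size_t p, size_t n) { return p + 1 >= n; }

/* Dry run, touches no memory: 1 if the write at ++stackptr would land
   outside the buffer after the given check has (or has not) grown it. */
static int push_out_of_bounds(size_t p, size_t n, grow_check must_grow) {
    if (must_grow(p, n)) n += GROW;
    return p + 1 >= n;
}

/* Bounds-safe push using the corrected check; -1 on allocation failure. */
static int push_serial(serial_stack *s, unsigned serial) {
    if (check_fixed(s->stackptr, s->stacksize)) {
        unsigned *t = realloc(s->stack, (s->stacksize + GROW) * sizeof *t);
        if (!t) return -1;
        s->stack = t;
        s->stacksize += GROW;
    }
    s->stack[++s->stackptr] = serial;
    return 0;
}

/* Simulate `depth` nested elements; returns final stackptr, 0 on failure. */
static size_t nest(size_t depth) {
    serial_stack s = { NULL, 0, 0 };
    size_t top = 0;
    for (size_t i = 1; i <= depth; i++)
        if (push_serial(&s, (unsigned)i) != 0) { free(s.stack); return 0; }
    if (depth && s.stack[s.stackptr] == (unsigned)depth) top = s.stackptr;
    free(s.stack);
    return top;
}

int main(void) {
    printf("flawed, stackptr 7 of 8: oob=%d\n", push_out_of_bounds(7, 8, check_flawed));
    printf("fixed,  stackptr 7 of 8: oob=%d\n", push_out_of_bounds(7, 8, check_fixed));
    printf("2000 nested pushes end at stackptr %zu\n", nest(2000));
    return 0;
}
```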

Problem types
-------------
- CWE-193 Off-by-one Error
- CWE-122 Heap-based Buffer Overflow

Workarounds
-----------
Apply the patch that has been publicly available since 2006-06-13.

Solutions
---------
Apply the patch that has been publicly available since 2006-06-13 or
upgrade to version 2.48 or later when it is released.

References
----------
https://rt.cpan.org/Ticket/Display.html?id=19860
https://github.com/cpan-authors/XML-Parser/issues/39
https://github.com/cpan-authors/XML-Parser/commit/3eb9cc95420fa0c3f76947c4708962546bf27cfd.patch

Timeline
--------
- 2006-06-13: Issue logged and patch provided in Request Tracker for
   XML::Parser
- 2019-09-23: Issue migrated to github issue tracker
- 2019-09-24: Patch provided in github issue tracker
- 2026-03-16: PR created and commit merged to git repo


=========================================================
+ CERT-RENATER        |    tel : 01-53-94-20-44         +
+ 23/25 Rue Daviel    |    fax : 01-53-94-20-41         +
+ 75013 Paris         |   email:cert@support.renater.fr +
=========================================================




