Important: Red Hat Security Advisory: perl-XML-Parser security update
Details
CVSS v3
9.8
NVD published
2026-03-19 12:16:17
EPSS
<0.1% probability · 23.4th percentile — 2026-04-20
Affected versions
cpe:2.3:a:toddr:xml\:\:parser:*:*:*:*:*:perl:*:*
Summary
XML::Parser versions through 2.47 for Perl has an off-by-one heap buffer overflow in st_serial_stack.
In the case (stackptr == stacksize - 1), the stack will NOT be expanded. Then the new value will be written at location (++stackptr), which equals stacksize and therefore falls just outside the allocated buffer.
The bug can be observed when parsing an XML file with very deep element nesting
TopVuln sends digest emails with high-risk CVE picks across multiple authoritative sources—curated with EPSS and AI. Choose daily per-stream emails and optional weekly or monthly roundups.