Bug 2449001 (CVE-2006-10002)

Summary: CVE-2006-10002 perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerabilityAssignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedKeywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in XML::Parser for Perl. This vulnerability allows an attacker to cause a heap corruption, which can lead to a denial of service (DoS) by crashing the application. The issue occurs when the software processes specially crafted XML input, causing an internal buffer to overflow. This overflow can corrupt memory, leading to instability and application termination.
Story Points: ---
Clone Of: Environment:
Last Closed: Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2449268, 2449269, 2449270, 2449271    
Bug Blocks:    

Description OSIDB Bzimport 2026-03-19 12:02:10 UTC
XML::Parser versions through 2.47 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes.

A :utf8 PerlIO layer, parse_stream() in Expat.xs could overflow the XML input buffer because Perl's read() returns decoded characters while SvPV() gives back multi-byte UTF-8 bytes that can exceed the pre-allocated buffer size. This can cause heap corruption (double free or corruption) and crashes.

Comment 3 errata-xmlrpc 2026-04-13 02:19:56 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10

Via RHSA-2026:7680 https://access.redhat.com/errata/RHSA-2026:7680

Comment 4 errata-xmlrpc 2026-04-13 02:47:04 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2026:7681 https://access.redhat.com/errata/RHSA-2026:7681

Comment 5 errata-xmlrpc 2026-04-13 03:02:31 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2026:7679 https://access.redhat.com/errata/RHSA-2026:7679

Comment 6 errata-xmlrpc 2026-04-16 21:07:25 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.8 Telecommunications Update Service

Via RHSA-2026:8577 https://access.redhat.com/errata/RHSA-2026:8577

Comment 7 errata-xmlrpc 2026-04-16 21:10:23 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7 Extended Lifecycle Support

Via RHSA-2026:8578 https://access.redhat.com/errata/RHSA-2026:8578

Comment 8 errata-xmlrpc 2026-04-16 22:20:15 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.2 Advanced Update Support

Via RHSA-2026:8609 https://access.redhat.com/errata/RHSA-2026:8609

Comment 9 errata-xmlrpc 2026-04-16 22:23:42 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On

Via RHSA-2026:8608 https://access.redhat.com/errata/RHSA-2026:8608

Comment 10 errata-xmlrpc 2026-04-16 22:26:40 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support
  Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions
  Red Hat Enterprise Linux 8.6 Telecommunications Update Service

Via RHSA-2026:8610 https://access.redhat.com/errata/RHSA-2026:8610

Comment 11 errata-xmlrpc 2026-04-20 19:19:26 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 10.0 Extended Update Support

Via RHSA-2026:9110 https://access.redhat.com/errata/RHSA-2026:9110

Comment 12 errata-xmlrpc 2026-04-21 10:15:50 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions

Via RHSA-2026:9246 https://access.redhat.com/errata/RHSA-2026:9246

Comment 13 errata-xmlrpc 2026-04-21 11:16:34 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions

Via RHSA-2026:9258 https://access.redhat.com/errata/RHSA-2026:9258

Comment 14 errata-xmlrpc 2026-04-21 11:32:34 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.4 Extended Update Support

Via RHSA-2026:9259 https://access.redhat.com/errata/RHSA-2026:9259

Comment 15 errata-xmlrpc 2026-04-22 06:51:59 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9.6 Extended Update Support

Via RHSA-2026:9605 https://access.redhat.com/errata/RHSA-2026:9605