{
  "threat_severity" : "Moderate",
  "public_date" : "2026-03-19T11:03:46Z",
  "bugzilla" : {
    "description" : "perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input",
    "id" : "2449001",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2449001"
  },
  "cvss3" : {
    "cvss3_base_score" : "6.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-131",
  "details" : [ "XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer, causing heap corruption (double free or corruption) and crashes.\nWith a :utf8 PerlIO layer, parse_stream() in Expat.xs could overflow the XML input buffer because Perl's read() returns decoded characters while SvPV() gives back multi-byte UTF-8 bytes that can exceed the pre-allocated buffer size. This can cause heap corruption (double free or corruption) and crashes.", "A flaw was found in XML::Parser for Perl. This vulnerability allows an attacker to cause heap corruption, which can lead to a denial of service (DoS) by crashing the application. The issue occurs when the software processes specially crafted XML input, causing an internal buffer to overflow. This overflow can corrupt memory, leading to instability and application termination." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "release_date" : "2026-04-13T00:00:00Z",
    "advisory" : "RHSA-2026:7680",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10.1",
    "package" : "perl-XML-Parser-0:2.47-6.1.el10_1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 10.0 Extended Update Support",
    "release_date" : "2026-04-20T00:00:00Z",
    "advisory" : "RHSA-2026:9110",
    "cpe" : "cpe:/o:redhat:enterprise_linux_eus:10.0",
    "package" : "perl-XML-Parser-0:2.47-6.el10_0.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7 Extended Lifecycle Support",
    "release_date" : "2026-04-16T00:00:00Z",
    "advisory" : "RHSA-2026:8578",
    "cpe" : "cpe:/o:redhat:rhel_els:7",
    "package" : "perl-XML-Parser-0:2.41-10.el7_9.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2026-04-13T00:00:00Z",
    "advisory" : "RHSA-2026:7681",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "perl-XML-Parser-0:2.44-12.el8_10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support",
    "release_date" : "2026-04-16T00:00:00Z",
    "advisory" : "RHSA-2026:8609",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.2",
    "package" : "perl-XML-Parser-0:2.44-11.el8_2.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
    "release_date" : "2026-04-16T00:00:00Z",
    "advisory" : "RHSA-2026:8608",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.4",
    "package" : "perl-XML-Parser-0:2.44-11.el8_4.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
    "release_date" : "2026-04-16T00:00:00Z",
    "advisory" : "RHSA-2026:8608",
    "cpe" : "cpe:/a:redhat:rhel_eus_long_life:8.4",
    "package" : "perl-XML-Parser-0:2.44-11.el8_4.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
    "release_date" : "2026-04-16T00:00:00Z",
    "advisory" : "RHSA-2026:8610",
    "cpe" : "cpe:/a:redhat:rhel_aus:8.6",
    "package" : "perl-XML-Parser-0:2.44-11.el8_6.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
    "release_date" : "2026-04-16T00:00:00Z",
    "advisory" : "RHSA-2026:8610",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.6",
    "package" : "perl-XML-Parser-0:2.44-11.el8_6.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
    "release_date" : "2026-04-16T00:00:00Z",
    "advisory" : "RHSA-2026:8610",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.6",
    "package" : "perl-XML-Parser-0:2.44-11.el8_6.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
    "release_date" : "2026-04-16T00:00:00Z",
    "advisory" : "RHSA-2026:8577",
    "cpe" : "cpe:/a:redhat:rhel_tus:8.8",
    "package" : "perl-XML-Parser-0:2.44-11.el8_8.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
    "release_date" : "2026-04-16T00:00:00Z",
    "advisory" : "RHSA-2026:8577",
    "cpe" : "cpe:/a:redhat:rhel_e4s:8.8",
    "package" : "perl-XML-Parser-0:2.44-11.el8_8.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2026-04-13T00:00:00Z",
    "advisory" : "RHSA-2026:7679",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "perl-XML-Parser-0:2.46-9.1.el9_7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
    "release_date" : "2026-04-21T00:00:00Z",
    "advisory" : "RHSA-2026:9246",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.0",
    "package" : "perl-XML-Parser-0:2.46-9.el9_0.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
    "release_date" : "2026-04-21T00:00:00Z",
    "advisory" : "RHSA-2026:9258",
    "cpe" : "cpe:/a:redhat:rhel_e4s:9.2",
    "package" : "perl-XML-Parser-0:2.46-9.el9_2.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.4 Extended Update Support",
    "release_date" : "2026-04-21T00:00:00Z",
    "advisory" : "RHSA-2026:9259",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.4",
    "package" : "perl-XML-Parser-0:2.46-9.el9_4.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.6 Extended Update Support",
    "release_date" : "2026-04-22T00:00:00Z",
    "advisory" : "RHSA-2026:9605",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.6",
    "package" : "perl-XML-Parser-0:2.46-9.el9_6.1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Affected",
    "package_name" : "perl-XML-Parser",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2006-10002\nhttps://nvd.nist.gov/vuln/detail/CVE-2006-10002\nhttps://github.com/cpan-authors/XML-Parser/commit/6b291f4d260fc124a6ec80382b87a918f372bc6b.patch\nhttps://github.com/cpan-authors/XML-Parser/issues/64\nhttps://rt.cpan.org/Ticket/Display.html?id=19859" ],
  "name" : "CVE-2006-10002",
  "mitigation" : {
    "value" : "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
    "lang" : "en:us"
  },
  "csaw" : false
}