suse · CVE-2006-10002

Quick triage

Priority: high Published: 2026-04-18 20:36:30 UTC Updated: 2026-04-18 20:36:30 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2006-10002 severity important: SUSE including 239 source package names (amazon/suse-sles-15-sp1-chost-byos-v20210304-hvm-ssd-x86_64, amazon/suse-sles-15-sp1-chost-byos-v20220127-hvm-ssd-x86_64, …), 273 product×package rows across 42 product lines (Image SLE-Micro-Azure, Image SLE-Micro-BYOS-Azure, … (42 product lines)): Known Affected 231, Fixed 41, First Fixed 1.

Description:

XML::Parser versions through 2.45 for Perl could overflow the pre-allocated buffer size cause a heap corruption (double free or corruption) and crashes. A :utf8 PerlIO layer, parse_stream() in Expat.xs could overflow the XML input buffer because Perl's read() returns decoded characters while SvPV() gives back multi-byte UTF-8 bytes that can exceed the pre-allocated buffer size. This can cause heap corruption (double free or corruption) and crashes.

cvelogic Threat Intelligence