The perl-XML-Parser library is vulnerable to memory and heap corruption leading to denial of service via crafted or deeply nested XML input (CVE-2006-10002, CVSS 7.5 HIGH; CVE-2006-10003, CVSS 9.8 CRITICAL). Affected versions are those prior to 2.48, and the fix is to upgrade to version 2.48.
Red Hat Product Errata RHSA-2026:9258 - Security Advisory Issued: 2026-04-21 Updated: 2026-04-21 RHSA-2026:9258 - Security Advisory Overview Updated Packages Synopsis Important: perl-XML-Parser security update Type/Severity Security Advisory: Important Red Hat Lightspeed patch analysis Identify and remediate systems affected by this advisory. View affected systems Topic An update for perl-XML-Parser is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description This module provides ways to parse XML documents. It is built on top of XML::Parser::Expat, which is a lower level interface to James Clark's expat library. Each call to one of the parsing methods creates a new instance of XML::Parser::Expat which is then used to parse the document. Expat options may be provided when the XML::Parser object is created. These options are then passed on to the Expat object on each parse call. They can also be given as extra arguments to the parse methods, in which case they override options given at XML::Parser creation time. Security Fix(es): perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files (CVE-2006-10003) perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input (CVE-2006-10002) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Solution For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 Affected Products Red Hat Enterprise Linux Server - AUS 9.2 x86_64 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 aarch64 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 s390x Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 x86_64 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2 aarch64 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2 ppc64le Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2 s390x Fixes BZ - 2448999 - CVE-2006-10003 perl-xml-parser: XML::Parser: Memory corruption via deeply nested XML files BZ - 2449001 - CVE-2006-10002 perl-xml-parser: XML::Parser for Perl: Heap corruption and denial of service from crafted XML input CVEs CVE-2006-10002 CVE-2006-10003 References https://access.redhat.com/security/updates/classification/#important Note: More recent versions of these packages may be available. Click a package name for more details. Red Hat Enterprise Linux Server - AUS 9.2 SRPM perl-XML-Parser-2.46-9.el9_2.1.src.rpm SHA-256: 3e130f14197a1fb4c65a3ba5c75de18d736c92d3742eb8689d055fb0a4ec35c2 x86_64 perl-XML-Parser-2.46-9.el9_2.1.x86_64.rpm SHA-256: cd7493903ef0a8c77bf17dcf880a9e5148d1b815b35373e41903d55685b20d72 perl-XML-Parser-debuginfo-2.46-9.el9_2.1.x86_64.rpm SHA-256: a4ac997164869fa6cb252b3c2c2833f39538e92f05deb9eab838d8876b127712 perl-XML-Parser-debugsource-2.46-9.el9_2.1.x86_64.rpm SHA-256: 4c440e06940f99498301d1bdd5bf92741669104d6998639432f1f4df1ce68214 Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 SRPM perl-XML-Parser-2.46-9.el9_2.1.src.rpm SHA-256: 3e130f14197a1fb4c65a3ba5c75de18d736c92d3742eb8689d055fb0a4ec35c2 ppc64le perl-XML-Parser-2.46-9.el9_2.1.ppc64le.rpm SHA-256: 83af0c5f00c206ec1689676afc814fc9d7eea5d8cebcff3167853a817d916c1a perl-XML-Parser-debuginfo-2.46-9.el9_2.1.ppc64le.rpm SHA-256: 614f60fbe22d5ab0853c1b9ca4743f072e4fd1307166f447480fa887b04eaea8 perl-XML-Parser-debugsource-2.46-9.el9_2.1.ppc64le.rpm SHA-256: ecab8c28a7f3bf5f8e092b92d55aa5e83e59850ec5a08c77b7b95a997271c56e Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 SRPM perl-XML-Parser-2.46-9.el9_2.1.src.rpm SHA-256: 3e130f14197a1fb4c65a3ba5c75de18d736c92d3742eb8689d055fb0a4ec35c2 x86_64 perl-XML-Parser-2.46-9.el9_2.1.x86_64.rpm SHA-256: cd7493903ef0a8c77bf17dcf880a9e5148d1b815b35373e41903d55685b20d72 perl-XML-Parser-debuginfo-2.46-9.el9_2.1.x86_64.rpm SHA-256: a4ac997164869fa6cb252b3c2c2833f39538e92f05deb9eab838d8876b127712 perl-XML-Parser-debugsource-2.46-9.el9_2.1.x86_64.rpm SHA-256: 4c440e06940f99498301d1bdd5bf92741669104d6998639432f1f4df1ce68214 Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.2 SRPM perl-XML-Parser-2.46-9.el9_2.1.src.rpm SHA-256: 3e130f14197a1fb4c65a3ba5c75de18d736c92d3742eb8689d055fb0a4ec35c2 aarch64 perl-XML-Parser-2.46-9.el9_2.1.aarch64.rpm SHA-256: 163d958dab27c542a804d89826664b327766c9e0308ddd018fb38dcf4c1bb53b perl-XML-Parser-debuginfo-2.46-9.el9_2.1.aarch64.rpm SHA-256: 333c62d4d483f1be3295d42fd6cf818908920534849a6cd4110df7aef22df720 perl-XML-Parser-debugsource-2.46-9.el9_2.1.aarch64.rpm SHA-256: ee4d8e6eded7670ad324ff87194bc86b0dca4aaab59b29ba5d3f3672083cab42 Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.2 SRPM perl-XML-Parser-2.46-9.el9_2.1.src.rpm SHA-256: 3e130f14197a1fb4c65a3ba5c75de18d736c92d3742eb8689d055fb0a4ec35c2 s390x perl-XML-Parser-2.46-9.el9_2.1.s390x.rpm SHA-256: b5dec1539fd071b09486960dcad9137294e3e4e66fdabf47ad22a32b71ba7587 perl-XML-Parser-debuginfo-2.46-9.el9_2.1.s390x.rpm SHA-256: 6b93bc668a2f91b3ea99ffe7793e777ba4d12c0ff7af7b8ec22e6c2541d00ee7 perl-XML-Parser-debugsource-2.46-9.el9_2.1.s390x.rpm SHA-256: 68b4d49c780d101032fd973bb4888dd08aa36a3acddd3aeb5f2afdc4f54dda54 Red Hat Enterprise Linux for x86_64 - Extended Life Cycle 9.2 SRPM perl-XML-Parser-2.46-9.el9_2.1.src.rpm SHA-256: 3e130f14197a1fb4c65a3ba5c75de18d736c92d3742eb8689d055fb0a4ec35c2 x86_64 perl-XML-Parser-2.46-9.el9_2.1.x86_64.rpm SHA-256: cd7493903ef0a8c77bf17dcf880a9e5148d1b815b35373e41903d55685b20d72 perl-XML-Parser-debuginfo-2.46-9.el9_2.1.x86_64.rpm SHA-256: a4ac997164869fa6cb252b3c2c2833f39538e92f05deb9eab838d8876b127712 perl-XML-Parser-debugsource-2.46-9.el9_2.1.x86_64.rpm SHA-256: 4c440e06940f99498301d1bdd5bf92741669104d6998639432f1f4df1ce68214 Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle 9.2 SRPM perl-XML-Parser-2.46-9.el9_2.1.src.rpm SHA-256: 3e130f14197a1fb4c65a3ba5c75de18d736c92d3742eb8689d055fb0a4ec35c2 aarch64 perl-XML-Parser-2.46-9.el9_2.1.aarch64.rpm SHA-256: 163d958dab27c542a804d89826664b327766c9e0308ddd018fb38dcf4c1bb53b perl-XML-Parser-debuginfo-2.46-9.el9_2.1.aarch64.rpm SHA-256: 333c62d4d483f1be3295d42fd6cf818908920534849a6cd4110df7aef22df720 perl-XML-Parser-debugsource-2.46-9.el9_2.1.aarch64.rpm SHA-256: ee4d8e6eded7670ad324ff87194bc86b0dca4aaab59b29ba5d3f3672083cab42 Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle 9.2 SRPM perl-XML-Parser-2.46-9.el9_2.1.src.rpm SHA-256: 3e130f14197a1fb4c65a3ba5c75de18d736c92d3742eb8689d055fb0a4ec35c2 ppc64le perl-XML-Parser-2.46-9.el9_2.1.ppc64le.rpm SHA-256: 83af0c5f00c206ec1689676afc814fc9d7eea5d8cebcff3167853a817d916c1a perl-XML-Parser-debuginfo-2.46-9.el9_2.1.ppc64le.rpm SHA-256: 614f60fbe22d5ab0853c1b9ca4743f072e4fd1307166f447480fa887b04eaea8 perl-XML-Parser-debugsource-2.46-9.el9_2.1.ppc64le.rpm SHA-256: ecab8c28a7f3bf5f8e092b92d55aa5e83e59850ec5a08c77b7b95a997271c56e Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle 9.2 SRPM perl-XML-Parser-2.46-9.el9_2.1.src.rpm SHA-256: 3e130f14197a1fb4c65a3ba5c75de18d736c92d3742eb8689d055fb0a4ec35c2 s390x perl-XML-Parser-2.46-9.el9_2.1.s390x.rpm SHA-256: b5dec1539fd071b09486960dcad9137294e3e4e66fdabf47ad22a32b71ba7587 perl-XML-Parser-debuginfo-2.46-9.el9_2.1.s390x.rpm SHA-256: 6b93bc668a2f91b3ea99ffe7793e777ba4d12c0ff7af7b8ec22e6c2541d00ee7 perl-XML-Parser-debugsource-2.46-9.el9_2.1.s390x.rpm SHA-256: 68b4d49c780d101032fd973bb4888dd08aa36a3acddd3aeb5f2afdc4f54dda54 The Red Hat security contact is secalert@redhat.com . More contact details at https://access.redhat.com/security/team/contact/ .