← Back

CVE-2016-2381

nvd nist
Published: Apr 8, 2016Modified: May 6, 2026

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.

Affected (19)

Show all products
Perl: Perl · Debian: Debian Linux · Oracle: Communications Billing And Revenue Management, Configuration Manager, Database Server, Enterprise Manager Base Platform, Solaris, Timesten In Memory Database · Opensuse: Opensuse · Canonical: Ubuntu Linux
Perl
1 product
Perl
Debian
1 product
Debian Linux
Oracle
6 products
Communications Billing And Revenue Management
Configuration Manager
Database Server
Enterprise Manager Base Platform
Solaris
Timesten In Memory Database
Opensuse
1 product
Opensuse
Canonical
1 product
Ubuntu Linux
Configuration A
1 vulnerable
Vulnerable SoftwareAffected Versions
Perl
Before 5.23.9
Configuration B
2 vulnerable
Vulnerable SoftwareAffected Versions
Debian
Debian Linux
Version 7.0
Debian Linux
Version 8.0
Configuration C
12 vulnerable
Vulnerable SoftwareAffected Versions
Communications Billing And Revenue Management
Version 7.5
Oracle
Configuration Manager
Before 12.1.2.0.4
Configuration Manager
Version 12.1.2.0.6
Oracle
Database Server
Version 11.2.0.4
Database Server
Version 12.1.0.2
Database Server
Version 12.2.0.1
Database Server
Version 18c
Database Server
Version 19c
Oracle
Enterprise Manager Base Platform
Version 13.2.0.0.0
Enterprise Manager Base Platform
Version 13.3.0.0.0
Solaris
Version 11.3
Timesten In Memory Database
Before 18.1.2.1.0
Configuration D
1 vulnerable
Vulnerable SoftwareAffected Versions
Opensuse
Version 13.2
Configuration E
3 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 12.04
Ubuntu Linux
Version 14.04
Ubuntu Linux
Version 15.10

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (26)

Source: cve@mitre.org
Mailing ListThird Party Advisory
Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party AdvisoryVDB Entry
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: cve@mitre.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.