← Back

CVE-2016-6185

nvd nist
Published: Aug 2, 2016Modified: May 6, 2026

JSON object

Loading...
7.8
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.8 / Impact: 5.9
Source: NVD

Description

The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.

Affected (12)

Products: Perl: Perl · Fedoraproject: Fedora · Debian: Debian Linux · +2 more
Show all products
Perl: Perl · Fedoraproject: Fedora · Debian: Debian Linux · Oracle: Solaris · Canonical: Ubuntu Linux
Perl
1 product
Perl
Fedoraproject
1 product
Fedora
Debian
1 product
Debian Linux
Oracle
1 product
Solaris
Canonical
1 product
Ubuntu Linux
Configuration A
2 vulnerable
Vulnerable SoftwareAffected Versions
Perl
Perl
From 5.23.0 to 5.24.1
Perl
From 5.25.0 to 5.25.3
Configuration B
3 vulnerable
Vulnerable SoftwareAffected Versions
Fedoraproject
Fedora
Version 22
Fedora
Version 23
Fedora
Version 24
Configuration C
1 vulnerable
Vulnerable SoftwareAffected Versions
Debian Linux
Version 8.0
Configuration D
2 vulnerable
Vulnerable SoftwareAffected Versions
Oracle
Solaris
Version 10
Solaris
Version 11.3
Configuration E
4 vulnerable
Vulnerable SoftwareAffected Versions
Canonical
Ubuntu Linux
Version 12.04
Ubuntu Linux
Version 14.04
Ubuntu Linux
Version 16.04
Ubuntu Linux
Version 17.10

References (28)

Source: security@debian.org
Issue TrackingVendor Advisory
Source: security@debian.org
Third Party Advisory
Source: security@debian.org
Mailing ListThird Party Advisory
Source: security@debian.org
Mailing ListThird Party Advisory
Source: security@debian.org
Third Party Advisory
Source: security@debian.org
Third Party AdvisoryVDB Entry
Source: security@debian.org
Third Party AdvisoryVDB Entry
Source: security@debian.org
Source: security@debian.org
Source: security@debian.org
Source: security@debian.org
ExploitIssue TrackingPatchThird Party Advisory
Source: security@debian.org
Third Party Advisory
Source: security@debian.org
Third Party Advisory
Source: security@debian.org
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party AdvisoryVDB Entry
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingPatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.