CVE-2016-6185

Published: 02/08/2016 Updated: 07/11/2023
CVSS v2 Base Score: 4.6 | Impact Score: 6.4 | Exploitability Score: 3.9
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 409
Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.

Vulnerable Product

perl perl

fedoraproject fedora 22

fedoraproject fedora 24

fedoraproject fedora 23

debian debian linux 8.0

oracle solaris 11.3

oracle solaris 10

canonical ubuntu linux 16.04

canonical ubuntu linux 12.04

canonical ubuntu linux 17.10

canonical ubuntu linux 14.04

Vendor Advisories

Debian Bug report logs - #829578 perl: CVE-2016-6185: XSLoader tries to load code from '(eval 1)/' when called inside a string eval. Package: perl; Maintainer for perl is Niko Tyni <ntyni@debian.org>; Source for perl is src:perl (PTS, buildd, popcon). Affects: check-all-the-things. Reported by: Jakub Wilk <jwilk@debian.org> ...
Several security issues were fixed in Perl ...
Multiple vulnerabilities were discovered in the implementation of the Perl programming language. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2016-1238: John Lightsey and Todd Rinaldo reported that the opportunistic loading of optional modules can make many programs unintentionally load code fr ...
The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory ...