CPANSA-perl-2016-2381: perl vulnerability
| Publisher | giterlizzi | Document category | csaf_security_advisory |
|---|---|---|---|
| Initial release date | 2016-04-08T00:00:00 | Engine | CSAF Perl Toolkit 0.25 |
| Current release date | 2016-04-08T00:00:00 | Build Date | |
| Current version | 1 | Status | final |
| CVSS v3.1 Base Score | 7.5 | Severity | High |
| Original language | Language | en | |
| Also referred to | |||
Vulnerability Description
Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
Vulnerabilities
CVE-2016-2381
Vulnerability DescriptionPerl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
| Weakness | CWE-20 : Improper Input Validation |
|---|
Product status
Known affected
| Product | Score | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| perl less than 5.22.1 |
|
Fixed
- perl greater than or equal 5.22.1
giterlizzi
Namespace: https://github.com/giterlizzi/
gdt@cpan.org
References
- CPANSA-perl-2016-2381 JSON self
https://raw.githubusercontent.com/giterlizzi/perl-CPANSA-CSAF/develop/csaf/white/2016/cpansa-perl-2016-2381.json - http://www.gossamer-threads.com/lists/perl/porters/326387 external
http://www.gossamer-threads.com/lists/perl/porters/326387 - http://www.debian.org/security/2016/dsa-3501 external
http://www.debian.org/security/2016/dsa-3501 - http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076 external
http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076 - https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 external
https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731 - http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html external
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html - http://www.securityfocus.com/bid/83802 external
http://www.securityfocus.com/bid/83802 - http://www.ubuntu.com/usn/USN-2916-1 external
http://www.ubuntu.com/usn/USN-2916-1 - http://lists.opensuse.org/opensuse-updates/2016-03/msg00112.html external
http://lists.opensuse.org/opensuse-updates/2016-03/msg00112.html - https://security.gentoo.org/glsa/201701-75 external
https://security.gentoo.org/glsa/201701-75 - http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html external
http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html - http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html external
http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html - https://www.oracle.com/security-alerts/cpuapr2020.html external
https://www.oracle.com/security-alerts/cpuapr2020.html - https://www.oracle.com/security-alerts/cpujul2020.html external
https://www.oracle.com/security-alerts/cpujul2020.html - CVE-2016-2381 (NVD) external
https://nvd.nist.gov/vuln/detail/CVE-2016-2381
Revision history
| Version | Date of the revision | Summary of the revision |
|---|---|---|
| 1 | Fri Apr 8 00:00:00 2016 | First release |
Sharing rules
TLP:WHITE
For the TLP version see: https://www.first.org/tlp/