CPANSA-perl-2016-6185: perl vulnerability

Publisher giterlizzi Document category csaf_security_advisory
Initial release date 2016-08-02T00:00:00 Engine CSAF Perl Toolkit 0.25
Current release date 2016-08-02T00:00:00 Build Date
Current version 1 Status final
CVSS v3.1 Base Score 7.8 Severity High
Original language Language en
Also referred to

Vulnerability Description

The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.

Vulnerabilities

CVE-2016-6185

Vulnerability Description

The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.

Product status

Known affected
Product Score
perl greater than or equal 5.22.0 and less than 5.24.0
CVSS Version CVSS Vector CVSS Base Score CVSS Base Severity
3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 7.8 High
2.0 AV:L/AC:L/Au:N/C:P/I:P/A:P 4.6 Medium
Fixed

giterlizzi

Namespace: https://github.com/giterlizzi/

gdt@cpan.org

References

Revision history

Version Date of the revision Summary of the revision
1 Tue Aug 2 00:00:00 2016 First release

Sharing rules

TLP:WHITE
For the TLP version see: https://www.first.org/tlp/