{"id":"CVE-2016-6185","details":"The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.","modified":"2026-04-16T01:38:40.469498938Z","published":"2016-08-02T14:59:02.943Z","related":["SUSE-SU-2016:2246-1","SUSE-SU-2016:2263-1","SUSE-SU-2017:2699-1","SUSE-SU-2017:2700-1"],"database_specific":{"unresolved_ranges":[{"extracted_events":[{"last_affected":"12.04"}],"source":"CPE_FIELD","cpe":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*"},{"extracted_events":[{"last_affected":"14.04"}],"source":"CPE_FIELD","cpe":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*"},{"extracted_events":[{"last_affected":"16.04"}],"source":"CPE_FIELD","cpe":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"extracted_events":[{"last_affected":"17.10"}],"source":"CPE_FIELD","cpe":"cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"8.0"}],"source":"CPE_FIELD","cpe":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"22"}],"source":"CPE_FIELD","cpe":"cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"23"}],"source":"CPE_FIELD","cpe":"cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*"},{"cpe":"cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"24"}]},{"extracted_events":[{"last_affected":"10"}],"source":"CPE_FIELD","cpe":"cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*"},{"extracted_events":[{"last_affected":"11.3"}],"source":"CPE_FIELD","cpe":"cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*"}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RFDMASVZLFZYBB2GNTZXU6I76E4NA4V/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITYZJXQH24X2F2LAOQEQAC5KXLYJTJ76/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRIPTDA6XINBVEJXI2NGLKVEINBREHTN/"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3628"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/07/07/1"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/07/08/5"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/91685"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1036260"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201701-75"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3625-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3625-2/"},{"type":"REPORT","url":"http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7"},{"type":"FIX","url":"https://rt.cpan.org/Public/Bug/Display.html?id=115808"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/perl/perl5","events":[{"introduced":"7c499b7fd47e7232467f4cb7ffd590dc0edf2168"},{"fixed":"443bd156a6baaf7a8fe6b6b05fcf6c4178140ed2"},{"introduced":"2c5484a6fb758fd9bd9f56d504186972d12dd338"},{"fixed":"c137098022dcef5e7ea32608e5299276efea6457"}],"database_specific":{"extracted_events":[{"introduced":"5.23.0"},{"fixed":"5.24.1"},{"introduced":"5.25.0"},{"fixed":"5.25.3"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*"}}],"versions":["if-0.0605","v5.23.0","v5.23.1","v5.23.2","v5.23.3","v5.23.4","v5.23.6","v5.23.7","v5.24.0","v5.24.0-RC1","v5.24.0-RC2","v5.24.0-RC3","v5.24.0-RC4","v5.24.0-RC5","v5.24.1-RC1","v5.24.1-RC2","v5.24.1-RC3","v5.24.1-RC4","v5.24.1-RC5","v5.25.0","v5.25.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6185.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}