High severity7.5NVD Advisory· Published Apr 8, 2016· Updated May 6, 2026

CVE-2016-2381

Description

Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.

Affected products

Oracle Corporation/Communications Billing And Revenue Management
cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*
Oracle Corporation/Configuration Manager2 versions
cpe:2.3:a:oracle:configuration_manager:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:configuration_manager:*:*:*:*:*:*:*:*range: <12.1.2.0.4
- cpe:2.3:a:oracle:configuration_manager:12.1.2.0.6:*:*:*:*:*:*:*
Oracle Corporation/Database Server5 versions
cpe:2.3:a:oracle:database_server:11.2.0.4:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:a:oracle:database_server:11.2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*
Oracle Corporation/Enterprise Manager Base Platform2 versions
cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*
Oracle Corporation/Timesten In Memory Database
cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*
Range: <18.1.2.1.0
Perl Foundation/Perl
cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*
Range: <5.23.9
Canonical (company)/Ubuntu Linux3 versions
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*+ 2 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*
Debian/Debian Linux2 versions
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
OpenSUSE/openSUSE
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
Oracle Corporation/Solaris
cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.opensuse.org/opensuse-updates/2016-03/msg00112.htmlnvdMailing ListThird Party Advisory
perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076nvdVendor Advisory
www.debian.org/security/2016/dsa-3501nvdThird Party Advisory
www.gossamer-threads.com/lists/perl/porters/326387nvdThird Party Advisory
www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.htmlnvdThird Party Advisory
www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.htmlnvdThird Party Advisory
www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.htmlnvdThird Party Advisory
www.securityfocus.com/bid/83802nvdThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/USN-2916-1nvdThird Party Advisory
h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplaynvdThird Party Advisory
security.gentoo.org/glsa/201701-75nvdThird Party Advisory
www.oracle.com/security-alerts/cpuapr2020.htmlnvdThird Party Advisory
www.oracle.com/security-alerts/cpujul2020.htmlnvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.022
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000