High severity7.8NVD Advisory· Published Aug 2, 2016· Updated May 6, 2026
CVE-2016-6185
CVE-2016-6185
Description
The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
14- rt.cpan.org/Public/Bug/Display.htmlnvdExploitIssue TrackingPatchThird Party Advisory
- perl5.git.perl.org/perl.git/commitdiff/08e3451d7nvdIssue TrackingVendor Advisory
- www.debian.org/security/2016/dsa-3628nvdThird Party Advisory
- www.openwall.com/lists/oss-security/2016/07/07/1nvdMailing ListThird Party Advisory
- www.openwall.com/lists/oss-security/2016/07/08/5nvdMailing ListThird Party Advisory
- www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.htmlnvdThird Party Advisory
- www.securityfocus.com/bid/91685nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1036260nvdThird Party AdvisoryVDB Entry
- security.gentoo.org/glsa/201701-75nvdThird Party Advisory
- usn.ubuntu.com/3625-1/nvdThird Party Advisory
- usn.ubuntu.com/3625-2/nvdThird Party Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RFDMASVZLFZYBB2GNTZXU6I76E4NA4V/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITYZJXQH24X2F2LAOQEQAC5KXLYJTJ76/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRIPTDA6XINBVEJXI2NGLKVEINBREHTN/nvd
News mentions
0No linked articles in our index yet.