High severity7.8NVD Advisory· Published Aug 2, 2016· Updated Jun 17, 2026
CVE-2016-6185
CVE-2016-6185
Description
The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
18cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*range: >=5.23.0,<5.24.1
- (no CPE)
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*
- cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*
- osv-coords6 versionspkg:rpm/suse/perl&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP1pkg:rpm/suse/perl&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/perl&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1pkg:rpm/suse/perl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/perl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/perl&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2011%20SP4
< 5.18.2-11.1+ 5 more
- (no CPE)range: < 5.18.2-11.1
- (no CPE)range: < 5.10.0-64.80.1
- (no CPE)range: < 5.18.2-11.1
- (no CPE)range: < 5.10.0-64.80.1
- (no CPE)range: < 5.18.2-11.1
- (no CPE)range: < 5.10.0-64.80.1
Patches
Vulnerability mechanics
References
14- rt.cpan.org/Public/Bug/Display.htmlnvdExploitIssue TrackingPatchThird Party Advisory
- perl5.git.perl.org/perl.git/commitdiff/08e3451d7nvdIssue TrackingVendor Advisory
- www.debian.org/security/2016/dsa-3628nvdThird Party Advisory
- www.openwall.com/lists/oss-security/2016/07/07/1nvdMailing ListThird Party Advisory
- www.openwall.com/lists/oss-security/2016/07/08/5nvdMailing ListThird Party Advisory
- www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.htmlnvdThird Party Advisory
- www.securityfocus.com/bid/91685nvdThird Party AdvisoryVDB Entry
- www.securitytracker.com/id/1036260nvdThird Party AdvisoryVDB Entry
- security.gentoo.org/glsa/201701-75nvdThird Party Advisory
- usn.ubuntu.com/3625-1/nvdThird Party Advisory
- usn.ubuntu.com/3625-2/nvdThird Party Advisory
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RFDMASVZLFZYBB2GNTZXU6I76E4NA4V/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITYZJXQH24X2F2LAOQEQAC5KXLYJTJ76/nvd
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRIPTDA6XINBVEJXI2NGLKVEINBREHTN/nvd
News mentions
0No linked articles in our index yet.