{"id":"CVE-2016-2381","details":"Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.","modified":"2026-04-16T06:21:15.478201282Z","published":"2016-04-08T15:59:05.183Z","related":["SUSE-SU-2016:2246-1","SUSE-SU-2016:2263-1","SUSE-SU-2017:2699-1","SUSE-SU-2017:2700-1"],"references":[{"type":"ADVISORY","url":"http://www.gossamer-threads.com/lists/perl/porters/326387"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-2916-1"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpuapr2020.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-updates/2016-03/msg00112.html"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/83802"},{"type":"ADVISORY","url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201701-75"},{"type":"ADVISORY","url":"https://www.oracle.com/security-alerts/cpujul2020.html"},{"type":"ADVISORY","url":"http://perl5.git.perl.org/perl.git/commitdiff/ae37b791a73a9e78dedb89fb2429d2628cf58076"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3501"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/perl/perl5","events":[{"introduced":"0"},{"fixed":"8f6d78186d3cbb6ae14697aeb3f10a2273fcbd6f"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"5.23.9"}]}}],"versions":["GitLive-blead","if-0.0603","if-0.0604","if-0.0605","perl-1.0","perl-2.0","perl-3.000","perl-3.044","perl-4.0.00","perl-4.0.36","perl-5.000","perl-5.000o","perl-5.001","perl-5.001n","perl-5.002","perl-5.002_01","perl-5.003","perl-5.005","perl-5.6.0","perl-5.7.0","perl-5.7.1","perl-5.7.2","perl-5.7.3","perl-5.8.0","perl-5.9.0","perl-5.9.1","perl-5.9.2","perl-5.9.3","perl-5.9.4","perl-5.9.5","perl-5a2","perl-5a9","v5.10.0","v5.11.0","v5.11.1","v5.11.3","v5.11.4","v5.11.5","v5.12.0","v5.12.0-RC0","v5.12.0-RC1","v5.12.0-RC2","v5.12.0-RC3","v5.12.0-RC4","v5.12.0-RC5","v5.13.0","v5.13.1","v5.13.10","v5.13.11","v5.13.2","v5.13.3","v5.13.4","v5.13.5","v5.13.6","v5.13.7","v5.13.8","v5.13.9","v5.14.0","v5.14.0-RC1","v5.14.0-RC2","v5.14.0-RC3","v5.15.0","v5.15.1","v5.15.2","v5.15.3","v5.15.4","v5.15.5","v5.15.9","v5.16.0","v5.16.0-RC1","v5.16.0-RC2","v5.17.0","v5.17.2","v5.17.4","v5.17.6","v5.17.7","v5.17.7.0","v5.17.8","v5.17.9","v5.18.0","v5.18.0-RC1","v5.18.0-RC2","v5.18.0-RC3","v5.18.0-RC4","v5.19.0","v5.19.1","v5.19.11","v5.19.2","v5.19.3","v5.19.5","v5.19.7","v5.20.0","v5.20.0-RC1","v5.21.0","v5.21.1","v5.21.10","v5.21.11","v5.21.4","v5.21.5","v5.21.6","v5.21.8","v5.21.9","v5.22.0","v5.22.0-RC1","v5.22.0-RC2","v5.23.0","v5.23.1","v5.23.2","v5.23.3","v5.23.4","v5.23.6","v5.23.7"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.5"}]},{"events":[{"introduced":"0"},{"fixed":"12.1.2.0.4"}]},{"events":[{"introduced":"0"},{"last_affected":"12.1.2.0.6"}]},{"events":[{"introduced":"0"},{"last_affected":"11.2.0.4"}]},{"events":[{"introduced":"0"},{"last_affected":"12.1.0.2"}]},{"events":[{"introduced":"0"},{"last_affected":"12.2.0.1"}]},{"events":[{"introduced":"0"},{"last_affected":"18c"}]},{"events":[{"introduced":"0"},{"last_affected":"19c"}]},{"events":[{"introduced":"0"},{"last_affected":"13.2.0.0.0"}]},{"events":[{"introduced":"0"},{"last_affected":"13.3.0.0.0"}]},{"events":[{"introduced":"0"},{"fixed":"18.1.2.1.0"}]},{"events":[{"introduced":"0"},{"last_affected":"11.3"}]},{"events":[{"introduced":"0"},{"last_affected":"13.2"}]},{"events":[{"introduced":"0"},{"last_affected":"12.04"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"15.10"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-2381.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}