{"id":"CVE-2016-6185","details":"The XSLoader::load method in XSLoader in Perl does not properly locate .so files when called in a string eval, which might allow local users to execute arbitrary code via a Trojan horse library under the current working directory.","modified":"2026-04-16T06:16:11.628115180Z","published":"2016-08-02T14:59:02.943Z","related":["SUSE-SU-2016:2246-1","SUSE-SU-2016:2263-1","SUSE-SU-2017:2699-1","SUSE-SU-2017:2700-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5RFDMASVZLFZYBB2GNTZXU6I76E4NA4V/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PRIPTDA6XINBVEJXI2NGLKVEINBREHTN/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ITYZJXQH24X2F2LAOQEQAC5KXLYJTJ76/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3625-1/"},{"type":"ADVISORY","url":"http://www.debian.org/security/2016/dsa-3628"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/07/08/5"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/91685"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3625-2/"},{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2016/07/07/1"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1036260"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201701-75"},{"type":"REPORT","url":"http://perl5.git.perl.org/perl.git/commitdiff/08e3451d7"},{"type":"FIX","url":"https://rt.cpan.org/Public/Bug/Display.html?id=115808"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/perl/perl5","events":[{"introduced":"7c499b7fd47e7232467f4cb7ffd590dc0edf2168"},{"fixed":"443bd156a6baaf7a8fe6b6b05fcf6c4178140ed2"},{"introduced":"2c5484a6fb758fd9bd9f56d504186972d12dd338"},{"fixed":"c137098022dcef5e7ea32608e5299276efea6457"}],"database_specific":{"versions":[{"introduced":"5.23.0"},{"fixed":"5.24.1"},{"introduced":"5.25.0"},{"fixed":"5.25.3"}]}}],"versions":["if-0.0605","v5.23.0","v5.23.1","v5.23.2","v5.23.3","v5.23.4","v5.23.6","v5.23.7","v5.24.0","v5.24.0-RC1","v5.24.0-RC2","v5.24.0-RC3","v5.24.0-RC4","v5.24.0-RC5","v5.24.1-RC1","v5.24.1-RC2","v5.24.1-RC3","v5.24.1-RC4","v5.24.1-RC5","v5.25.0","v5.25.2"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-6185.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"22"}]},{"events":[{"introduced":"0"},{"last_affected":"23"}]},{"events":[{"introduced":"0"},{"last_affected":"24"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"10"}]},{"events":[{"introduced":"0"},{"last_affected":"11.3"}]},{"events":[{"introduced":"0"},{"last_affected":"12.04"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"17.10"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}