PT-2016-3420 · Perl +2

John Lightsey +1 · Published 2016-07-25 · Updated 2025-04-01 · CVE-2016-1238

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Perl versions prior to 5.22.3-RC2
Perl versions 5.24 prior to 5.24.1-RC2

Description

The issue is related to errors in privilege management in the Perl interpreter, specifically in the handling of the include directory array ("@INC"). Affected versions fail to properly remove the "." (period) entry from the end of the include directory array, so a local user can gain privileges via a Trojan horse module placed under the current working directory.

Recommendations

For Perl versions prior to 5.22.3-RC2, update to version 5.22.3-RC2 or later.
For Perl versions 5.24 prior to 5.24.1-RC2, update to version 5.24.1-RC2 or later.
As a temporary workaround, consider restricting access to the vulnerable modules under the current working directory to minimize the risk of exploitation.

Related Identifiers

ALT-PU-2017-1051
ALT-PU-2017-2043
BDU:2022-02560
CVE-2016-1238
DLA-1578-1
DLA-565-1
DLA-584-1
DSA-3628-1
MGASA-2018-0047
MGASA-2018-0425
OPENSUSE-SU-2019:0297-1
OPENSUSE-SU-2019:1831-1
OPENSUSE-SU-2019_0297-1
OPENSUSE-SU-2019_1831-1
OPENSUSE-SU-2024:10523-1
OPENSUSE-SU-2024:10614-1
OPENSUSE-SU-2024:10860-1
OPENSUSE-SU-2024:11162-1
OPENSUSE-SU-2024:11163-1
OPENSUSE-SU-2024:11706-1
OPENSUSE-SU-2025:14657-1
SUSE-SU-2016:2246-1
SUSE-SU-2016:2263-1
SUSE-SU-2017:2699-1
SUSE-SU-2017:2700-1
SUSE-SU-2019:0505-1
SUSE-SU-2019:1961-1
SUSE-SU-2019:2011-1
SUSE-SU-2019_0505-1

Affected Products

Alt Linux
Perl
Suse