CVE-2016-2381

Published Apr 8, 2016

Last updated 4 years ago

CVSS high 7.5

Overview

Description: Perl might allow context-dependent attackers to bypass the taint protection mechanism in a child process via duplicate environment variables in envp.
Source: cve@mitre.org
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DA7A9701-8475-4AD0-A669-0B61883E0081",
            "versionEndExcluding": "5.23.9"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E6039DC7-08F2-4DD9-B5B5-B6B22DD2409F"
          },
          {
            "criteria": "cpe:2.3:a:oracle:configuration_manager:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4AF5D151-5CD2-4C36-939F-829FA976EA6E",
            "versionEndExcluding": "12.1.2.0.4"
          },
          {
            "criteria": "cpe:2.3:a:oracle:configuration_manager:12.1.2.0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "655DB795-DD05-4A47-AE82-85EEF7AD1DFC"
          },
          {
            "criteria": "cpe:2.3:a:oracle:database_server:11.2.0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C1E11A25-C7CE-49DF-99CA-352FD21B8230"
          },
          {
            "criteria": "cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4F3D40B7-925C-413D-AFF3-60BF330D5BC2"
          },
          {
            "criteria": "cpe:2.3:a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C614BA7-7103-4ED7-ADD0-56064FE256A3"
          },
          {
            "criteria": "cpe:2.3:a:oracle:database_server:18c:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6833701E-5510-4180-9523-9CFD318DEE6A"
          },
          {
            "criteria": "cpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B2204841-585F-40C7-A1D9-C34E612808CA"
          },
          {
            "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "459B4A5F-A6BD-4A1C-B6B7-C979F005EB70"
          },
          {
            "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CDCE0E90-495E-4437-8529-3C36441FB69D"
          },
          {
            "criteria": "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F06877B6-A08F-4305-874E-6CD691B88D12",
            "versionEndExcluding": "18.1.2.1.0"
          },
          {
            "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E88A537F-F4D0-46B9-9E37-965233C2A355"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References