What is the severity of CVE-2016-1238?

CVE-2016-1238 is classified as a moderate severity vulnerability.

How do I fix CVE-2016-1238?

To fix CVE-2016-1238, you should update your Perl packages to the latest versions that address this vulnerability.

What products are affected by CVE-2016-1238?

CVE-2016-1238 impacts several versions of Perl and specific distributions such as Debian 8.0 and Fedora versions 23 and 24.

What are the potential impacts of CVE-2016-1238?

The potential impacts of CVE-2016-1238 include denial of service and unauthorized access, depending on the context of the Perl applications in use.

Was CVE-2016-1238 disclosed publicly?

Yes, CVE-2016-1238 was publicly disclosed and is documented in multiple security advisories.

Vulnerability/
CVE-2016-1238

high

7.8

CWE

264

2/8/2016

5/8/2024

CVE-2016-1238

First published: Tue Aug 02 2016(Updated: )

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.

Credit: security@debian.org

Affected Software	Affected Version	How to fix
Debian	=8.0
Fedora	=23
Fedora	=24
Perl	=1.0.15
Perl	=1.0.16
Perl	=5.000
Perl	=5.000o
Perl	=5.001
Perl	=5.001n
Perl	=5.002
Perl	=5.002_01
Perl	=5.003
Perl	=5.003_01
Perl	=5.003_02
Perl	=5.003_03
Perl	=5.003_04
Perl	=5.003_05
Perl	=5.003_07
Perl	=5.003_08
Perl	=5.003_09
Perl	=5.003_10
Perl	=5.003_11
Perl	=5.003_12
Perl	=5.003_13
Perl	=5.003_14
Perl	=5.003_15
Perl	=5.003_16
Perl	=5.003_17
Perl	=5.003_18
Perl	=5.003_19
Perl	=5.003_20
Perl	=5.003_21
Perl	=5.003_22
Perl	=5.003_23
Perl	=5.003_24
Perl	=5.003_25
Perl	=5.003_26
Perl	=5.003_27
Perl	=5.003_28
Perl	=5.003_90
Perl	=5.003_91
Perl	=5.003_92
Perl	=5.003_93
Perl	=5.003_94
Perl	=5.003_95
Perl	=5.003_96
Perl	=5.003_97
Perl	=5.003_97a
Perl	=5.003_97b
Perl	=5.003_97c
Perl	=5.003_97d
Perl	=5.003_97e
Perl	=5.003_97f
Perl	=5.003_97g
Perl	=5.003_97h
Perl	=5.003_97i
Perl	=5.003_97j
Perl	=5.003_98
Perl	=5.003_99
Perl	=5.003_99a
Perl	=5.004
Perl	=5.004_01
Perl	=5.004_02
Perl	=5.004_03
Perl	=5.004_04
Perl	=5.004_05
Perl	=5.005
Perl	=5.005_01
Perl	=5.005_02
Perl	=5.005_03
Perl	=5.005_04
Perl	=5.6
Perl	=5.6.0
Perl	=5.6.1
Perl	=5.6.2
Perl	=5.7.3
Perl	=5.8
Perl	=5.8.0
Perl	=5.8.1
Perl	=5.8.2
Perl	=5.8.3
Perl	=5.8.4
Perl	=5.8.5
Perl	=5.8.6
Perl	=5.8.7
Perl	=5.8.8
Perl	=5.8.9
Perl	=5.8.9-rc1
Perl	=5.9.0
Perl	=5.9.1
Perl	=5.9.2
Perl	=5.9.3
Perl	=5.9.4
Perl	=5.9.5
Perl	=5.10
Perl	=5.10.0
Perl	=5.10.1
Perl	=5.10.1-rc1
Perl	=5.10.1-rc2
Perl	=5.11.0
Perl	=5.11.1
Perl	=5.11.2
Perl	=5.11.3
Perl	=5.11.4
Perl	=5.11.5
Perl	=5.12.0
Perl	=5.12.0-rc0
Perl	=5.12.0-rc1
Perl	=5.12.0-rc2
Perl	=5.12.0-rc3
Perl	=5.12.0-rc4
Perl	=5.12.0-rc5
Perl	=5.12.1
Perl	=5.12.1-rc0
Perl	=5.12.1-rc1
Perl	=5.12.1-rc2
Perl	=5.12.2
Perl	=5.12.2-rc1
Perl	=5.12.3
Perl	=5.12.3-rc1
Perl	=5.12.3-rc2
Perl	=5.12.3-rc3
Perl	=5.12.4
Perl	=5.12.4-rc1
Perl	=5.12.4-rc2
Perl	=5.12.5
Perl	=5.12.5-rc1
Perl	=5.12.5-rc2
Perl	=5.13.0
Perl	=5.13.1
Perl	=5.13.2
Perl	=5.13.3
Perl	=5.13.4
Perl	=5.13.5
Perl	=5.13.6
Perl	=5.13.7
Perl	=5.13.8
Perl	=5.13.9
Perl	=5.13.10
Perl	=5.13.11
Perl	=5.14.0
Perl	=5.14.0-rc1
Perl	=5.14.0-rc2
Perl	=5.14.0-rc3
Perl	=5.14.1
Perl	=5.14.1-rc1
Perl	=5.14.2
Perl	=5.14.2-rc1
Perl	=5.14.3
Perl	=5.14.3-rc1
Perl	=5.14.3-rc2
Perl	=5.14.4
Perl	=5.14.4-rc1
Perl	=5.14.4-rc2
Perl	=5.15.0
Perl	=5.15.1
Perl	=5.15.2
Perl	=5.15.3
Perl	=5.15.4
Perl	=5.15.5
Perl	=5.15.6
Perl	=5.15.7
Perl	=5.15.8
Perl	=5.15.9
Perl	=5.16.0
Perl	=5.16.0-rc1
Perl	=5.16.0-rc2
Perl	=5.16.1
Perl	=5.16.2
Perl	=5.16.3
Perl	=5.16.3-rc1
Perl	=5.17.0
Perl	=5.17.1
Perl	=5.17.2
Perl	=5.17.3
Perl	=5.17.4
Perl	=5.17.5
Perl	=5.17.6
Perl	=5.17.7
Perl	=5.17.7.0
Perl	=5.17.8
Perl	=5.17.9
Perl	=5.17.10
Perl	=5.17.11
Perl	=5.18.0
Perl	=5.18.0-rc1
Perl	=5.18.0-rc2
Perl	=5.18.0-rc3
Perl	=5.18.0-rc4
Perl	=5.18.1
Perl	=5.18.2
Perl	=5.18.2-rc1
Perl	=5.18.2-rc2
Perl	=5.18.2-rc3
Perl	=5.18.2-rc4
Perl	=5.18.3
Perl	=5.18.3-rc1
Perl	=5.18.3-rc2
Perl	=5.18.4
Perl	=5.19.0
Perl	=5.19.1
Perl	=5.19.2
Perl	=5.19.3
Perl	=5.19.4
Perl	=5.19.5
Perl	=5.19.6
Perl	=5.19.7
Perl	=5.19.8
Perl	=5.19.9
Perl	=5.19.10
Perl	=5.19.11
Perl	=5.20.0
Perl	=5.20.0-rc1
Perl	=5.20.1
Perl	=5.20.1-rc1
Perl	=5.20.1-rc2
Perl	=5.20.2
Perl	=5.20.2-rc1
Perl	=5.20.3
Perl	=5.20.3-rc1
Perl	=5.20.3-rc2
Perl	=5.21.0
Perl	=5.21.1
Perl	=5.21.2
Perl	=5.21.3
Perl	=5.21.4
Perl	=5.21.5
Perl	=5.21.6
Perl	=5.21.7
Perl	=5.21.8
Perl	=5.21.9
Perl	=5.21.10
Perl	=5.21.11
Perl	=5.22.0
Perl	=5.22.0-rc1
Perl	=5.22.0-rc2
Perl	=5.22.1
Perl	=5.22.1-rc1
Perl	=5.22.1-rc2
Perl	=5.22.1-rc3
Perl	=5.22.1-rc4
Perl	=5.22.2
Perl	=5.22.2-rc1
Perl	=5.22.3-rc1
Perl	=5.24.0
Perl	=5.24.0-rc1
Perl	=5.24.0-rc2
Perl	=5.24.0-rc3
Perl	=5.24.0-rc4
Perl	=5.24.0-rc5
Perl	=5.24.1-rc1
openSUSE	=15.0
Apache SpamAssassin	<3.4.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2016-1238?
CVE-2016-1238 is classified as a moderate severity vulnerability.
How do I fix CVE-2016-1238?
To fix CVE-2016-1238, you should update your Perl packages to the latest versions that address this vulnerability.
What products are affected by CVE-2016-1238?
CVE-2016-1238 impacts several versions of Perl and specific distributions such as Debian 8.0 and Fedora versions 23 and 24.
What are the potential impacts of CVE-2016-1238?
The potential impacts of CVE-2016-1238 include denial of service and unauthorized access, depending on the context of the Perl applications in use.
Was CVE-2016-1238 disclosed publicly?
Yes, CVE-2016-1238 was publicly disclosed and is documented in multiple security advisories.

agent/type
collector/mitre-cve
source/MITRE
agent/references
agent/last-modified-date
agent/weakness
agent/severity
agent/description
agent/event
agent/first-publish-date
agent/source
agent/author
agent/softwarecombine
agent/tags
collector/nvd-api
agent/software-canonical-lookup-request
collector/nvd-index
vendor/debian
canonical/debian
version/debian/8.0
vendor/fedoraproject
canonical/fedora
version/fedora/23
version/fedora/24
vendor/perl
canonical/perl
version/perl/1.0.15
version/perl/1.0.16
version/perl/5.000
version/perl/5.000o
version/perl/5.001
version/perl/5.001n
version/perl/5.002
version/perl/5.002_01
version/perl/5.003
version/perl/5.003_01
version/perl/5.003_02
version/perl/5.003_03
version/perl/5.003_04
version/perl/5.003_05
version/perl/5.003_07
version/perl/5.003_08
version/perl/5.003_09
version/perl/5.003_10
version/perl/5.003_11
version/perl/5.003_12
version/perl/5.003_13
version/perl/5.003_14
version/perl/5.003_15
version/perl/5.003_16
version/perl/5.003_17
version/perl/5.003_18
version/perl/5.003_19
version/perl/5.003_20
version/perl/5.003_21
version/perl/5.003_22
version/perl/5.003_23
version/perl/5.003_24
version/perl/5.003_25
version/perl/5.003_26
version/perl/5.003_27
version/perl/5.003_28
version/perl/5.003_90
version/perl/5.003_91
version/perl/5.003_92
version/perl/5.003_93
version/perl/5.003_94
version/perl/5.003_95
version/perl/5.003_96
version/perl/5.003_97
version/perl/5.003_97a
version/perl/5.003_97b
version/perl/5.003_97c
version/perl/5.003_97d
version/perl/5.003_97e
version/perl/5.003_97f
version/perl/5.003_97g
version/perl/5.003_97h
version/perl/5.003_97i
version/perl/5.003_97j
version/perl/5.003_98
version/perl/5.003_99
version/perl/5.003_99a
version/perl/5.004
version/perl/5.004_01
version/perl/5.004_02
version/perl/5.004_03
version/perl/5.004_04
version/perl/5.004_05
version/perl/5.005
version/perl/5.005_01
version/perl/5.005_02
version/perl/5.005_03
version/perl/5.005_04
version/perl/5.6
version/perl/5.6.0
version/perl/5.6.1
version/perl/5.6.2
version/perl/5.7.3
version/perl/5.8
version/perl/5.8.0
version/perl/5.8.1
version/perl/5.8.2
version/perl/5.8.3
version/perl/5.8.4
version/perl/5.8.5
version/perl/5.8.6
version/perl/5.8.7
version/perl/5.8.8
version/perl/5.8.9
version/perl/5.8.9-rc1
version/perl/5.9.0
version/perl/5.9.1
version/perl/5.9.2
version/perl/5.9.3
version/perl/5.9.4
version/perl/5.9.5
version/perl/5.10
version/perl/5.10.0
version/perl/5.10.1
version/perl/5.10.1-rc1
version/perl/5.10.1-rc2
version/perl/5.11.0
version/perl/5.11.1
version/perl/5.11.2
version/perl/5.11.3
version/perl/5.11.4
version/perl/5.11.5
version/perl/5.12.0
version/perl/5.12.0-rc0
version/perl/5.12.0-rc1
version/perl/5.12.0-rc2
version/perl/5.12.0-rc3
version/perl/5.12.0-rc4
version/perl/5.12.0-rc5
version/perl/5.12.1
version/perl/5.12.1-rc0
version/perl/5.12.1-rc1
version/perl/5.12.1-rc2
version/perl/5.12.2
version/perl/5.12.2-rc1
version/perl/5.12.3
version/perl/5.12.3-rc1
version/perl/5.12.3-rc2
version/perl/5.12.3-rc3
version/perl/5.12.4
version/perl/5.12.4-rc1
version/perl/5.12.4-rc2
version/perl/5.12.5
version/perl/5.12.5-rc1
version/perl/5.12.5-rc2
version/perl/5.13.0
version/perl/5.13.1
version/perl/5.13.2
version/perl/5.13.3
version/perl/5.13.4
version/perl/5.13.5
version/perl/5.13.6
version/perl/5.13.7
version/perl/5.13.8
version/perl/5.13.9
version/perl/5.13.10
version/perl/5.13.11
version/perl/5.14.0
version/perl/5.14.0-rc1
version/perl/5.14.0-rc2
version/perl/5.14.0-rc3
version/perl/5.14.1
version/perl/5.14.1-rc1
version/perl/5.14.2
version/perl/5.14.2-rc1
version/perl/5.14.3
version/perl/5.14.3-rc1
version/perl/5.14.3-rc2
version/perl/5.14.4
version/perl/5.14.4-rc1
version/perl/5.14.4-rc2
version/perl/5.15.0
version/perl/5.15.1
version/perl/5.15.2
version/perl/5.15.3
version/perl/5.15.4
version/perl/5.15.5
version/perl/5.15.6
version/perl/5.15.7
version/perl/5.15.8
version/perl/5.15.9
version/perl/5.16.0
version/perl/5.16.0-rc1
version/perl/5.16.0-rc2
version/perl/5.16.1
version/perl/5.16.2
version/perl/5.16.3
version/perl/5.16.3-rc1
version/perl/5.17.0
version/perl/5.17.1
version/perl/5.17.2
version/perl/5.17.3
version/perl/5.17.4
version/perl/5.17.5
version/perl/5.17.6
version/perl/5.17.7
version/perl/5.17.7.0
version/perl/5.17.8
version/perl/5.17.9
version/perl/5.17.10
version/perl/5.17.11
version/perl/5.18.0
version/perl/5.18.0-rc1
version/perl/5.18.0-rc2
version/perl/5.18.0-rc3
version/perl/5.18.0-rc4
version/perl/5.18.1
version/perl/5.18.2
version/perl/5.18.2-rc1
version/perl/5.18.2-rc2
version/perl/5.18.2-rc3
version/perl/5.18.2-rc4
version/perl/5.18.3
version/perl/5.18.3-rc1
version/perl/5.18.3-rc2
version/perl/5.18.4
version/perl/5.19.0
version/perl/5.19.1
version/perl/5.19.2
version/perl/5.19.3
version/perl/5.19.4
version/perl/5.19.5
version/perl/5.19.6
version/perl/5.19.7
version/perl/5.19.8
version/perl/5.19.9
version/perl/5.19.10
version/perl/5.19.11
version/perl/5.20.0
version/perl/5.20.0-rc1
version/perl/5.20.1
version/perl/5.20.1-rc1
version/perl/5.20.1-rc2
version/perl/5.20.2
version/perl/5.20.2-rc1
version/perl/5.20.3
version/perl/5.20.3-rc1
version/perl/5.20.3-rc2
version/perl/5.21.0
version/perl/5.21.1
version/perl/5.21.2
version/perl/5.21.3
version/perl/5.21.4
version/perl/5.21.5
version/perl/5.21.6
version/perl/5.21.7
version/perl/5.21.8
version/perl/5.21.9
version/perl/5.21.10
version/perl/5.21.11
version/perl/5.22.0
version/perl/5.22.0-rc1
version/perl/5.22.0-rc2
version/perl/5.22.1
version/perl/5.22.1-rc1
version/perl/5.22.1-rc2
version/perl/5.22.1-rc3
version/perl/5.22.1-rc4
version/perl/5.22.2
version/perl/5.22.2-rc1
version/perl/5.22.3-rc1
version/perl/5.24.0
version/perl/5.24.0-rc1
version/perl/5.24.0-rc2
version/perl/5.24.0-rc3
version/perl/5.24.0-rc4
version/perl/5.24.0-rc5
version/perl/5.24.1-rc1
vendor/opensuse
canonical/opensuse
version/opensuse/15.0
vendor/apache
canonical/apache spamassassin