CVE-2016-1238

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-1238
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-1238.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-1238
Related
Published
2016-08-02T14:59:00Z
Modified
2024-12-05T15:17:07.447891Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

(1) cpan/Archive-Tar/bin/ptar, (2) cpan/Archive-Tar/bin/ptardiff, (3) cpan/Archive-Tar/bin/ptargrep, (4) cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6) cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess, (8) cpan/Encode/bin/piconv, (9) cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump, (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12) cpan/IO-Compress/bin/zipdetails, (13) cpan/JSON-PP/bin/json_pp, (14) cpan/Test-Harness/bin/prove, (15) dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16) dist/Module-CoreList/corelist, (17) ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19) utils/h2ph.PL, (20) utils/h2xs.PL, (21) utils/libnetcfg.PL, (22) utils/perlbug.PL, (23) utils/perldoc.PL, (24) utils/perlivp.PL, and (25) utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24 before 5.24.1-RC2 do not properly remove . (period) characters from the end of the includes directory array, which might allow local users to gain privileges via a Trojan horse module under the current working directory.

References

Affected packages

Alpine:v3.10 / spamassassin

Package

Name
spamassassin
Purl
pkg:apk/alpine/spamassassin?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.2-r0

Affected versions

3.*

3.2.5-r0
3.2.5-r1
3.3.0-r1
3.3.1-r0
3.3.1-r1
3.3.1-r2
3.3.1-r3
3.3.1-r4
3.3.1-r5
3.3.1-r6
3.3.1-r7
3.3.1-r8
3.3.1-r9
3.3.2-r0
3.3.2-r1
3.4.0-r0
3.4.0-r1
3.4.0-r2
3.4.1-r0
3.4.1-r1
3.4.1-r2
3.4.1-r3
3.4.1-r4
3.4.1-r5
3.4.1-r6
3.4.1-r7
3.4.1-r8

Alpine:v3.11 / spamassassin

Package

Name
spamassassin
Purl
pkg:apk/alpine/spamassassin?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.2-r0

Affected versions

3.*

3.2.5-r0
3.2.5-r1
3.3.0-r1
3.3.1-r0
3.3.1-r1
3.3.1-r2
3.3.1-r3
3.3.1-r4
3.3.1-r5
3.3.1-r6
3.3.1-r7
3.3.1-r8
3.3.1-r9
3.3.2-r0
3.3.2-r1
3.4.0-r0
3.4.0-r1
3.4.0-r2
3.4.1-r0
3.4.1-r1
3.4.1-r2
3.4.1-r3
3.4.1-r4
3.4.1-r5
3.4.1-r6
3.4.1-r7
3.4.1-r8

Alpine:v3.12 / spamassassin

Package

Name
spamassassin
Purl
pkg:apk/alpine/spamassassin?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.2-r0

Affected versions

3.*

3.2.5-r0
3.2.5-r1
3.3.0-r1
3.3.1-r0
3.3.1-r1
3.3.1-r2
3.3.1-r3
3.3.1-r4
3.3.1-r5
3.3.1-r6
3.3.1-r7
3.3.1-r8
3.3.1-r9
3.3.2-r0
3.3.2-r1
3.4.0-r0
3.4.0-r1
3.4.0-r2
3.4.1-r0
3.4.1-r1
3.4.1-r2
3.4.1-r3
3.4.1-r4
3.4.1-r5
3.4.1-r6
3.4.1-r7
3.4.1-r8

Alpine:v3.13 / spamassassin

Package

Name
spamassassin
Purl
pkg:apk/alpine/spamassassin?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.2-r0

Affected versions

3.*

3.2.5-r0
3.2.5-r1
3.3.0-r1
3.3.1-r0
3.3.1-r1
3.3.1-r2
3.3.1-r3
3.3.1-r4
3.3.1-r5
3.3.1-r6
3.3.1-r7
3.3.1-r8
3.3.1-r9
3.3.2-r0
3.3.2-r1
3.4.0-r0
3.4.0-r1
3.4.0-r2
3.4.1-r0
3.4.1-r1
3.4.1-r2
3.4.1-r3
3.4.1-r4
3.4.1-r5
3.4.1-r6
3.4.1-r7
3.4.1-r8

Alpine:v3.14 / spamassassin

Package

Name
spamassassin
Purl
pkg:apk/alpine/spamassassin?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.2-r0

Affected versions

3.*

3.2.5-r0
3.2.5-r1
3.3.0-r1
3.3.1-r0
3.3.1-r1
3.3.1-r2
3.3.1-r3
3.3.1-r4
3.3.1-r5
3.3.1-r6
3.3.1-r7
3.3.1-r8
3.3.1-r9
3.3.2-r0
3.3.2-r1
3.4.0-r0
3.4.0-r1
3.4.0-r2
3.4.1-r0
3.4.1-r1
3.4.1-r2
3.4.1-r3
3.4.1-r4
3.4.1-r5
3.4.1-r6
3.4.1-r7
3.4.1-r8

Alpine:v3.15 / spamassassin

Package

Name
spamassassin
Purl
pkg:apk/alpine/spamassassin?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.2-r0

Affected versions

3.*

3.2.5-r0
3.2.5-r1
3.3.0-r1
3.3.1-r0
3.3.1-r1
3.3.1-r2
3.3.1-r3
3.3.1-r4
3.3.1-r5
3.3.1-r6
3.3.1-r7
3.3.1-r8
3.3.1-r9
3.3.2-r0
3.3.2-r1
3.4.0-r0
3.4.0-r1
3.4.0-r2
3.4.1-r0
3.4.1-r1
3.4.1-r2
3.4.1-r3
3.4.1-r4
3.4.1-r5
3.4.1-r6
3.4.1-r7
3.4.1-r8

Alpine:v3.16 / spamassassin

Package

Name
spamassassin
Purl
pkg:apk/alpine/spamassassin?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.2-r0

Affected versions

3.*

3.2.5-r0
3.2.5-r1
3.3.0-r1
3.3.1-r0
3.3.1-r1
3.3.1-r2
3.3.1-r3
3.3.1-r4
3.3.1-r5
3.3.1-r6
3.3.1-r7
3.3.1-r8
3.3.1-r9
3.3.2-r0
3.3.2-r1
3.4.0-r0
3.4.0-r1
3.4.0-r2
3.4.1-r0
3.4.1-r1
3.4.1-r2
3.4.1-r3
3.4.1-r4
3.4.1-r5
3.4.1-r6
3.4.1-r7
3.4.1-r8

Alpine:v3.17 / spamassassin

Package

Name
spamassassin
Purl
pkg:apk/alpine/spamassassin?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.2-r0

Affected versions

3.*

3.2.5-r0
3.2.5-r1
3.3.0-r1
3.3.1-r0
3.3.1-r1
3.3.1-r2
3.3.1-r3
3.3.1-r4
3.3.1-r5
3.3.1-r6
3.3.1-r7
3.3.1-r8
3.3.1-r9
3.3.2-r0
3.3.2-r1
3.4.0-r0
3.4.0-r1
3.4.0-r2
3.4.1-r0
3.4.1-r1
3.4.1-r2
3.4.1-r3
3.4.1-r4
3.4.1-r5
3.4.1-r6
3.4.1-r7
3.4.1-r8

Alpine:v3.18 / spamassassin

Package

Name
spamassassin
Purl
pkg:apk/alpine/spamassassin?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.2-r0

Affected versions

3.*

3.2.5-r0
3.2.5-r1
3.3.0-r1
3.3.1-r0
3.3.1-r1
3.3.1-r2
3.3.1-r3
3.3.1-r4
3.3.1-r5
3.3.1-r6
3.3.1-r7
3.3.1-r8
3.3.1-r9
3.3.2-r0
3.3.2-r1
3.4.0-r0
3.4.0-r1
3.4.0-r2
3.4.1-r0
3.4.1-r1
3.4.1-r2
3.4.1-r3
3.4.1-r4
3.4.1-r5
3.4.1-r6
3.4.1-r7
3.4.1-r8

Alpine:v3.19 / spamassassin

Package

Name
spamassassin
Purl
pkg:apk/alpine/spamassassin?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.2-r0

Affected versions

3.*

3.2.5-r0
3.2.5-r1
3.3.0-r1
3.3.1-r0
3.3.1-r1
3.3.1-r2
3.3.1-r3
3.3.1-r4
3.3.1-r5
3.3.1-r6
3.3.1-r7
3.3.1-r8
3.3.1-r9
3.3.2-r0
3.3.2-r1
3.4.0-r0
3.4.0-r1
3.4.0-r2
3.4.1-r0
3.4.1-r1
3.4.1-r2
3.4.1-r3
3.4.1-r4
3.4.1-r5
3.4.1-r6
3.4.1-r7
3.4.1-r8

Alpine:v3.20 / spamassassin

Package

Name
spamassassin
Purl
pkg:apk/alpine/spamassassin?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.2-r0

Affected versions

3.*

3.2.5-r0
3.2.5-r1
3.3.0-r1
3.3.1-r0
3.3.1-r1
3.3.1-r2
3.3.1-r3
3.3.1-r4
3.3.1-r5
3.3.1-r6
3.3.1-r7
3.3.1-r8
3.3.1-r9
3.3.2-r0
3.3.2-r1
3.4.0-r0
3.4.0-r1
3.4.0-r2
3.4.1-r0
3.4.1-r1
3.4.1-r2
3.4.1-r3
3.4.1-r4
3.4.1-r5
3.4.1-r6
3.4.1-r7
3.4.1-r8

Alpine:v3.21 / spamassassin

Package

Name
spamassassin
Purl
pkg:apk/alpine/spamassassin?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.2-r0

Affected versions

3.*

3.2.5-r0
3.2.5-r1
3.3.0-r1
3.3.1-r0
3.3.1-r1
3.3.1-r2
3.3.1-r3
3.3.1-r4
3.3.1-r5
3.3.1-r6
3.3.1-r7
3.3.1-r8
3.3.1-r9
3.3.2-r0
3.3.2-r1
3.4.0-r0
3.4.0-r1
3.4.0-r2
3.4.1-r0
3.4.1-r1
3.4.1-r2
3.4.1-r3
3.4.1-r4
3.4.1-r5
3.4.1-r6
3.4.1-r7
3.4.1-r8

Alpine:v3.3 / perl

Package

Name
perl
Purl
pkg:apk/alpine/perl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.22.3-r0

Affected versions

5.*

5.10.0-r0
5.10.0-r1
5.10.1-r0
5.10.1-r1
5.10.1-r2
5.12.1-r0
5.12.2-r0
5.12.2-r1
5.12.3-r0
5.14.0-r0
5.14.1-r0
5.14.2-r0
5.14.2-r1
5.16.0-r0
5.16.1-r0
5.16.2-r0
5.16.3-r0
5.18.0-r0
5.18.1-r0
5.18.2-r0
5.20.0-r0
5.20.1-r0
5.20.2-r0
5.20.2-r1
5.22.0-r0
5.22.1-r0

Alpine:v3.4 / perl

Package

Name
perl
Purl
pkg:apk/alpine/perl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.22.3-r0

Affected versions

5.*

5.10.0-r0
5.10.0-r1
5.10.1-r0
5.10.1-r1
5.10.1-r2
5.12.1-r0
5.12.2-r0
5.12.2-r1
5.12.3-r0
5.14.0-r0
5.14.1-r0
5.14.2-r0
5.14.2-r1
5.16.0-r0
5.16.1-r0
5.16.2-r0
5.16.3-r0
5.18.0-r0
5.18.1-r0
5.18.2-r0
5.20.0-r0
5.20.1-r0
5.20.2-r0
5.20.2-r1
5.22.0-r0
5.22.1-r0
5.22.2-r0

Alpine:v3.8 / spamassassin

Package

Name
spamassassin
Purl
pkg:apk/alpine/spamassassin?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.3-r0

Affected versions

3.*

3.2.5-r0
3.2.5-r1
3.3.0-r1
3.3.1-r0
3.3.1-r1
3.3.1-r2
3.3.1-r3
3.3.1-r4
3.3.1-r5
3.3.1-r6
3.3.1-r7
3.3.1-r8
3.3.1-r9
3.3.2-r0
3.3.2-r1
3.4.0-r0
3.4.0-r1
3.4.0-r2
3.4.1-r0
3.4.1-r1
3.4.1-r2
3.4.1-r3
3.4.1-r4
3.4.1-r5
3.4.1-r6
3.4.1-r7
3.4.1-r8

Alpine:v3.9 / spamassassin

Package

Name
spamassassin
Purl
pkg:apk/alpine/spamassassin?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.4.2-r0

Affected versions

3.*

3.2.5-r0
3.2.5-r1
3.3.0-r1
3.3.1-r0
3.3.1-r1
3.3.1-r2
3.3.1-r3
3.3.1-r4
3.3.1-r5
3.3.1-r6
3.3.1-r7
3.3.1-r8
3.3.1-r9
3.3.2-r0
3.3.2-r1
3.4.0-r0
3.4.0-r1
3.4.0-r2
3.4.1-r0
3.4.1-r1
3.4.1-r2
3.4.1-r3
3.4.1-r4
3.4.1-r5
3.4.1-r6
3.4.1-r7
3.4.1-r8

Debian:11 / perl

Package

Name
perl
Purl
pkg:deb/debian/perl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.22.2-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / perl

Package

Name
perl
Purl
pkg:deb/debian/perl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.22.2-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / perl

Package

Name
perl
Purl
pkg:deb/debian/perl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
5.22.2-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/apache/spamassassin

Affected ranges

Type
GIT
Repo
https://github.com/apache/spamassassin
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed