
CVE-2018-16396

Description

The Array#pack method converts the receiver's contents into a string in the specified format. If the receiver contains any tainted objects, the returned string should also be tainted. The String#unpack method, which converts the receiver into an array, should likewise propagate its tainted flag to the objects contained in the returned array. With the B, b, H and h directives, however, the tainted flags are not propagated. So, if a script processes unreliable inputs with Array#pack and/or String#unpack using these directives and checks their reliability with tainted flags, the check might be wrong.
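A check for whether a given interpreter shows the behaviour described above, written as an added example; it is not code from the advisory or from the Ruby project. The helper names, the report format and the sample strings are constructed for illustration.

```ruby
# Added example (not from the advisory): report whether this interpreter
# propagates the tainted flag through the B, b, H and h directives.
DIRECTIVES = %w[B b H h].freeze
SAMPLE_BITS = "01000001".freeze # constructed input, valid as bits and as hex

# Taint tracking only matters where marking a string really sets the flag.
# Later Ruby releases made these methods no-ops and then removed them.
def taint_tracking_active?
  probe = String.new("probe")
  return false unless probe.respond_to?(:taint) && probe.respond_to?(:tainted?)
  probe.taint
  probe.tainted?
end

# True when a tainted array element yields a tainted packed string.
def pack_propagates?(directive)
  [String.new(SAMPLE_BITS).taint].pack("#{directive}*").tainted?
end

# True when a tainted string yields tainted elements after unpack.
def unpack_propagates?(directive)
  String.new("A").taint.unpack("#{directive}*").all?(&:tainted?)
end

# Hypothetical report format: one entry per directive, empty when the
# interpreter has no working taint tracking.
def taint_propagation_report
  return { taint_supported: false, directives: {} } unless taint_tracking_active?
  results = DIRECTIVES.each_with_object({}) do |d, acc|
    acc[d] = { pack: pack_propagates?(d), unpack: unpack_propagates?(d) }
  end
  { taint_supported: true, directives: results }
end

# Directives for which the flag was lost in either direction.
def unpropagated_directives(report = taint_propagation_report)
  report[:directives].reject { |_, r| r[:pack] && r[:unpack] }.keys
end

if __FILE__ == $PROGRAM_NAME
  report = taint_propagation_report
  if report[:taint_supported]
    lost = unpropagated_directives(report)
    puts lost.empty? ? "taint propagated for all four directives" : "taint lost for: #{lost.join(', ')}"
  else
    puts "taint tracking is not active on Ruby #{RUBY_VERSION}"
  end
end
```

On an interpreter where taint tracking is inactive the report is empty, which says nothing about the flaw itself; in that case any trust decision has to rest on explicit input validation rather than on tainted flags.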

Priority: MEDIUM
CVSS v3: 8.1
Publish Date: Nov 11, 2018
Related ID: --
CVSS v2: HIGH
Modified Date: Nov 11, 2018

Find out more about CVE-2018-16396 from the MITRE-CVE dictionary and NIST NVD


Products Affected

Login may be required to access defects or downloads.

Related Products

| Product Name | Status | Defect | Fixed | Downloads |
| --- | --- | --- | --- | --- |
| Linux 7 SCP | Not Vulnerable | -- | -- | -- |
| Linux 7 CGP | Not Vulnerable | -- | -- | -- |

Comments

ruby
