VDB
GCVE-110-MAGEIA-2016-354
GCVE-110-MAGEIA-2016-354
Advisory Published
The ‘mkdir’ procedure of GNU Guile, an implementation of the Scheme
programming language, temporarily changed the process’ umask to zero.
During that time window, in a multithreaded application, other threads
could end up creating files with insecure permissions (CVE-2016-8605).
GNU Guile, an implementation of the Scheme language, provides a “REPL
server” which is a command prompt that developers can connect to for
live coding and debugging purposes. The REPL server is vulnerable to the
HTTP inter-protocol attack. This constitutes a remote code execution
vulnerability for developers running a REPL server that listens on a
loopback device or private network (CVE-2016-8606).
The guile package has been updated to version 2.0.13, fixing these
issues and other bugs. See the upstream release announcements for
details.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | guile | 2.0.13-1.mga5 (unaffected), 0 (affected) | — |
Aliases
Browse GCVE Records
73,161 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.