Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2016-5636

Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.

Published

2016-09-02T14:59:06.003

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv3.0: 9.8 (CRITICAL)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

10.0

Impact Score

10.0

Weaknesses

Type: Primary
CWE-190

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	python	python	3.0	Yes
Application	python	python	3.0.1	Yes
Application	python	python	3.1.0	Yes
Application	python	python	3.1.1	Yes
Application	python	python	3.1.2	Yes
Application	python	python	3.1.3	Yes
Application	python	python	3.1.4	Yes
Application	python	python	3.1.5	Yes
Application	python	python	3.2.0	Yes
Application	python	python	3.2.1	Yes
Application	python	python	3.2.2	Yes
Application	python	python	3.2.3	Yes
Application	python	python	3.2.4	Yes
Application	python	python	3.2.5	Yes
Application	python	python	3.2.6	Yes
Application	python	python	3.3.0	Yes
Application	python	python	3.3.1	Yes
Application	python	python	3.3.2	Yes
Application	python	python	3.3.3	Yes
Application	python	python	3.3.4	Yes
Application	python	python	3.3.5	Yes
Application	python	python	3.3.6	Yes
Application	python	python	3.4.0	Yes
Application	python	python	3.4.1	Yes
Application	python	python	3.4.2	Yes
Application	python	python	3.4.3	Yes
Application	python	python	3.4.4	Yes
Application	python	python	≤ 2.7.11	Yes
Application	python	python	3.5.0	Yes
Application	python	python	3.5.1	Yes

References

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html ([email protected])
http://rhn.redhat.com/errata/RHSA-2016-2586.html ([email protected])
http://www.openwall.com/lists/oss-security/2016/06/15/15 Mailing List ([email protected])
http://www.openwall.com/lists/oss-security/2016/06/16/1 Mailing List ([email protected])
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html ([email protected])
http://www.securityfocus.com/bid/91247 ([email protected])
http://www.securitytracker.com/id/1038138 ([email protected])
http://www.splunk.com/view/SP-CAAAPSV ([email protected])
http://www.splunk.com/view/SP-CAAAPUE ([email protected])
https://bugs.python.org/issue26171 Issue Tracking, Patch ([email protected])
https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-5 Release Notes ([email protected])
https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-2 Release Notes ([email protected])
https://hg.python.org/cpython/raw-file/v2.7.12/Misc/NEWS Release Notes ([email protected])
https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html ([email protected])
https://security.gentoo.org/glsa/201701-18 ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2016-2586.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2016/06/15/15 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2016/06/16/1 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/91247 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1038138 (af854a3a-2127-422b-91ae-364da2661108)
http://www.splunk.com/view/SP-CAAAPSV (af854a3a-2127-422b-91ae-364da2661108)
http://www.splunk.com/view/SP-CAAAPUE (af854a3a-2127-422b-91ae-364da2661108)
https://bugs.python.org/issue26171 Issue Tracking, Patch (af854a3a-2127-422b-91ae-364da2661108)
https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-5 Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-2 Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://hg.python.org/cpython/raw-file/v2.7.12/Misc/NEWS Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201701-18 (af854a3a-2127-422b-91ae-364da2661108)