QwikSec

Security Database

CVE

CWE

Training

CVE-2016-5636

Published: Sep 2, 2016

Modified: Aug 6, 2024

PUBLISHED

Description

Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.splunk.com/view/SP-CAAAPUE

x_refsource_CONFIRM

[oss-security] 20160616 Re: CVE Request: heap overflow in Python zipimport module

mailing-list

x_refsource_MLIST

http://www.splunk.com/view/SP-CAAAPSV

x_refsource_CONFIRM

[debian-lts-announce] 20190207 [SECURITY] [DLA 1663-1] python3.4 security update

mailing-list

x_refsource_MLIST

https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-5

x_refsource_CONFIRM

http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html

x_refsource_CONFIRM

https://bugs.python.org/issue26171

x_refsource_CONFIRM

https://hg.python.org/cpython/raw-file/v2.7.12/Misc/NEWS

x_refsource_CONFIRM

vdb-entry

x_refsource_SECTRACK

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_GENTOO

https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-2

x_refsource_CONFIRM

[oss-security] 20160615 CVE Request: heap overflow in Python zipimport module

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_REDHAT

openSUSE-SU-2020:0086

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.