Fluid Attacks Database

Description

Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 11	python2.7	>=0 <2.7.12~rc1-1	2.7.12~rc1-1
rpm rhel5	python	-	-
rpm rhel6	python	-	-
rpm rhel7	python	<0:2.7.5-48.el7	0:2.7.5-48.el7

Aliases

1. CVE-2016-56362. NVD-2016-56363. OSV-DEBIAN-2016-56364. OSV-2016-56365. SECURITY-TRACKER-CVE-2016-5636

References

1. https://github.com/insuyun/CVE-2016-5636

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.