ID CVE-2016-5636
Summary Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.
References
Vulnerable Configurations
  • Python 3.0
    cpe:2.3:a:python:python:3.0
  • Python 3.0.1
    cpe:2.3:a:python:python:3.0.1
  • Python 3.1.0
    cpe:2.3:a:python:python:3.1.0
  • Python 3.1.1
    cpe:2.3:a:python:python:3.1.1
  • Python 3.1.2
    cpe:2.3:a:python:python:3.1.2
  • Python 3.1.3
    cpe:2.3:a:python:python:3.1.3
  • Python 3.1.4
    cpe:2.3:a:python:python:3.1.4
  • Python 3.1.5
    cpe:2.3:a:python:python:3.1.5
  • Python 3.2.0
    cpe:2.3:a:python:python:3.2.0
  • Python 3.2.1
    cpe:2.3:a:python:python:3.2.1
  • Python 3.2.2
    cpe:2.3:a:python:python:3.2.2
  • Python 3.2.3
    cpe:2.3:a:python:python:3.2.3
  • Python 3.2.4
    cpe:2.3:a:python:python:3.2.4
  • Python 3.2.5
    cpe:2.3:a:python:python:3.2.5
  • Python 3.2.6
    cpe:2.3:a:python:python:3.2.6
  • Python 3.3.0
    cpe:2.3:a:python:python:3.3.0
  • Python 3.3.1
    cpe:2.3:a:python:python:3.3.1
  • Python 3.3.2
    cpe:2.3:a:python:python:3.3.2
  • Python 3.3.3
    cpe:2.3:a:python:python:3.3.3
  • Python 3.3.4
    cpe:2.3:a:python:python:3.3.4
  • Python 3.3.5
    cpe:2.3:a:python:python:3.3.5
  • Python 3.3.6
    cpe:2.3:a:python:python:3.3.6
  • Python 3.4.0
    cpe:2.3:a:python:python:3.4.0
  • Python 3.4.1
    cpe:2.3:a:python:python:3.4.1
  • Python 3.4.2
    cpe:2.3:a:python:python:3.4.2
  • Python 3.4.3
    cpe:2.3:a:python:python:3.4.3
  • Python 3.4.4
    cpe:2.3:a:python:python:3.4.4
  • Python 2.7.11
    cpe:2.3:a:python:python:2.7.11
  • Python 3.5.0
    cpe:2.3:a:python:python:3.5.0
  • Python 3.5.1
    cpe:2.3:a:python:python:3.5.1
CVSS
Base: 10.0 (as of 02-09-2016 - 15:39)
Impact:
Exploitability:
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset, a memory allocation size, or a similar quantity. The attacker typically controls the value of the variable and tries to push it out of range. For instance, if the integer in question is incremented past the maximum possible value, it may wrap to become a very small or negative number, providing an incorrect value that can lead to unexpected behavior. At worst, the attacker can execute arbitrary code.
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
nessus via4
  • NASL family Huawei Local Security Checks
    NASL id EULEROS_SA-2017-1003.NASL
    description According to the version of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later 'import' statement could cause a heap overflow, leading to arbitrary code execution. (CVE-2016-5636) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-14
    plugin id 99850
    published 2017-05-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99850
    title EulerOS 2.0 SP1 : python (EulerOS-SA-2017-1003)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-D3A529AAD6.NASL
    description Added patch for fixing possible integer overflow and heap corruption in zipimporter.get_data() Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92173
    published 2016-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92173
    title Fedora 23 : python (2016-d3a529aad6)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-EFF21665E7.NASL
    description CVE-2016-5636 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92336
    published 2016-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92336
    title Fedora 23 : python (2016-eff21665e7)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-9932F852C7.NASL
    description CVE-2016-5636 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92271
    published 2016-07-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92271
    title Fedora 24 : python (2016-9932f852c7)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2016-2586.NASL
    description An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es) : * A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later 'import' statement could cause a heap overflow, leading to arbitrary code execution. (CVE-2016-5636) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 94549
    published 2016-11-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94549
    title RHEL 7 : python (RHSA-2016:2586)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-32E5A8C3A8.NASL
    description Added patch for fixing possible integer overflow and heap corruption in zipimporter.get_data() Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92076
    published 2016-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92076
    title Fedora 23 : python3 (2016-32e5a8c3a8)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_1D0F685233D811E6A67160A44CE6887B.NASL
    description Python reports : Possible integer overflow and heap corruption in zipimporter.get_data()
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 91699
    published 2016-06-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=91699
    title FreeBSD : Python -- Integer overflow in zipimport module (1d0f6852-33d8-11e6-a671-60a44ce6887b)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2016-2586.NASL
    description From Red Hat Security Advisory 2016:2586 : An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es) : * A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later 'import' statement could cause a heap overflow, leading to arbitrary code execution. (CVE-2016-5636) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-07-24
    plugin id 94707
    published 2016-11-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=94707
    title Oracle Linux 7 : python (ELSA-2016-2586)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-E63A732C9D.NASL
    description CVE-2016-5636 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92297
    published 2016-07-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92297
    title Fedora 24 : python3 (2016-e63a732c9d)
  • NASL family MacOS X Local Security Checks
    NASL id MACOS_10_12_4.NASL
    description The remote host is running a version of macOS that is 10.12.x prior to 10.12.4. It is, therefore, affected by multiple vulnerabilities in multiple components, some of which are remote code execution vulnerabilities. An unauthenticated, remote attacker can exploit these remote code execution vulnerabilities by convincing a user to visit a specially crafted website, resulting in the execution of arbitrary code in the context of the current user. The affected components are as follows : - apache - apache_mod_php - AppleGraphicsPowerManagement - AppleRAID - Audio - Bluetooth - Carbon - CoreGraphics - CoreMedia - CoreText - curl - EFI - FinderKit - FontParser - HTTPProtocol - Hypervisor - iBooks - ImageIO - Intel Graphics Driver - IOATAFamily - IOFireWireAVC - IOFireWireFamily - Kernel - Keyboards - libarchive - libc++abi - LibreSSL - MCX Client - Menus - Multi-Touch - OpenSSH - OpenSSL - Printing - python - QuickTime - Security - SecurityFoundation - sudo - System Integrity Protection - tcpdump - tiffutil - WebKit
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 99134
    published 2017-03-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=99134
    title macOS 10.12.x < 10.12.4 Multiple Vulnerabilities (httpoxy)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2019-0223-1.NASL
    description This update for python fixes the following issues : Security issues fixed : CVE-2016-0772: smtplib vulnerability opens startTLS stripping attack (bsc#984751) CVE-2016-5636: heap overflow when importing malformed zip files (bsc#985177) CVE-2016-5699: incorrect validation of HTTP headers allow header injection (bsc#985348) CVE-2016-1000110: HTTPoxy vulnerability in urllib, fixed by disregarding HTTP_PROXY when REQUEST_METHOD is also set (bsc#989523) CVE-2019-5010: Fixed a denial-of-service vulnerability in the X509 certificate parser (bsc#1122191) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-02-04
    plugin id 121570
    published 2019-02-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=121570
    title SUSE SLES12 Security Update : python (SUSE-SU-2019:0223-1) (httpoxy)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-5C52DCFE47.NASL
    description Security fix for CVE-2016-0772 ---- Added patch for fixing possible integer overflow and heap corruption in zipimporter.get_data() Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92251
    published 2016-07-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92251
    title Fedora 22 : python3 (2016-5c52dcfe47)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-2408-1.NASL
    description This update for python-base fixes the following issues: Security issues fixed : - CVE-2018-1061: Fixed DoS via regular expression backtracking in difflib.IS_LINE_JUNK method in difflib (bsc#1088004). - CVE-2018-1060: Fixed DoS via regular expression catastrophic backtracking in apop() method in pop3lib (bsc#1088009). - CVE-2016-5636: Fixed heap overflow in zipimporter module (bsc#985177) Bug fixes : - bsc#1086001: python tarfile uses random order. Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 112012
    published 2018-08-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=112012
    title SUSE SLES11 Security Update : python (SUSE-SU-2018:2408-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2016-2586.NASL
    description An update for python is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Security Fix(es) : * A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later 'import' statement could cause a heap overflow, leading to arbitrary code execution. (CVE-2016-5636) Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 7.3 Release Notes linked from the References section.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 95332
    published 2016-11-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95332
    title CentOS 7 : python (CESA-2016:2586)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-22EAB18150.NASL
    description Added patch for fixing possible integer overflow and heap corruption in zipimporter.get_data() Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92066
    published 2016-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92066
    title Fedora 24 : python3 (2016-22eab18150)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20161103_PYTHON_ON_SL7_X.NASL
    description Security Fix(es) : - A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later 'import' statement could cause a heap overflow, leading to arbitrary code execution. (CVE-2016-5636) Additional Changes :
    last seen 2019-02-21
    modified 2018-12-28
    plugin id 95857
    published 2016-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=95857
    title Scientific Linux Security Update : python on SL7.x x86_64
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-D5917E939E.NASL
    description Added patch for fixing possible integer overflow and heap corruption in zipimporter.get_data() Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92175
    published 2016-07-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92175
    title Fedora 24 : python (2016-d5917e939e)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2016-308F78B2F4.NASL
    description CVE-2016-5636 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-10-18
    plugin id 92329
    published 2016-07-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92329
    title Fedora 23 : python3 (2016-308f78b2f4)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2016-724.NASL
    description It was found that Python's httplib library (used by urllib, urllib2 and others) did not properly check HTTP header input in HTTPConnection.putheader(). An attacker could use this flaw to inject additional headers in a Python application that allows user-provided header names or values. (CVE-2016-5699) It was found that Python's smtplib library did not return an exception if StartTLS fails to establish correctly in the SMTP.starttls() function. An attacker with the ability to launch an active man-in-the-middle attack could strip out the STARTTLS command without generating an exception on the Python SMTP client application, preventing the establishment of the TLS layer. (CVE-2016-0772) A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later 'import' statement could cause a heap overflow, leading to arbitrary code execution. (CVE-2016-5636)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 92471
    published 2016-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=92471
    title Amazon Linux AMI : python26 / python27,python34 (ALAS-2016-724)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201701-18.NASL
    description The remote host is affected by the vulnerability described in GLSA-201701-18 (Python: Multiple vulnerabilities) Multip