Vulnerability Details : CVE-2016-5636
Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.
Vulnerability category: Overflow
Products affected by CVE-2016-5636
- cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.3.5:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.3.6:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:python:python:3.5.1:*:*:*:*:*:*:*
Threat overview for CVE-2016-5636
Top countries where our scanners detected CVE-2016-5636
Top open port discovered on systems with this issue
8123
IPs affected by CVE-2016-5636 139,029
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2016-5636!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2016-5636
1.61%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 87 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2016-5636
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
10.0
|
HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C |
10.0
|
10.0
|
NIST | |
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST |
CWE ids for CVE-2016-5636
-
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-5636
-
http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
Oracle Solaris Bulletin - July 2016
-
http://www.securityfocus.com/bid/91247
Python CVE-2016-5636 Heap Buffer Overflow Vulnerability
-
https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html
[SECURITY] [DLA 1663-1] python3.4 security update
-
https://security.gentoo.org/glsa/201701-18
Python: Multiple vulnerabilities (GLSA 201701-18) — Gentoo security
-
http://www.openwall.com/lists/oss-security/2016/06/15/15
oss-security - CVE Request: heap overflow in Python zipimport moduleMailing List
-
https://hg.python.org/cpython/raw-file/v2.7.12/Misc/NEWS
Release Notes
-
https://bugs.python.org/issue26171
Issue 26171: heap overflow in zipimporter module - Python trackerIssue Tracking;Patch
-
http://rhn.redhat.com/errata/RHSA-2016-2586.html
RHSA-2016:2586 - Security Advisory - Red Hat Customer Portal
-
http://www.openwall.com/lists/oss-security/2016/06/16/1
oss-security - Re: CVE Request: heap overflow in Python zipimport moduleMailing List
-
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
[security-announce] openSUSE-SU-2020:0086-1: important: Security update
-
https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-5
Changelog — Python 3.4.10 documentationRelease Notes
-
http://www.securitytracker.com/id/1038138
Apple macOS/OS X Multiple Flaws Let Remote Users Execute Arbitrary Code, Spoof URLs, and Obtain Potentially Sensitive Information and Let Local Users Modify Data and Gain Elevated Privileges - Securit
-
http://www.splunk.com/view/SP-CAAAPUE
Splunk Enterprise 6.4.5 addresses multiple vulnerabilities | Splunk
-
http://www.splunk.com/view/SP-CAAAPSV
Splunk Enterprise 6.5.1 addresses multiple OpenSSL vulnerabilities | Splunk
-
https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-2
Changelog — Python 3.5.7 documentationRelease Notes
Jump to