Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2016-5636

Опубликовано: 21 янв. 2016
Источник: redhat
CVSS3: 4.5
CVSS2: 4.4

Описание

Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.

A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later "import" statement could cause a heap overflow, leading to arbitrary code execution.

Отчет

Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5pythonWill not fix
Red Hat Enterprise Linux 6jythonNot affected
Red Hat Enterprise Linux 6pythonWill not fix
Red Hat Software Collectionspython27-pythonWill not fix
Red Hat Software Collectionspython33-pythonWill not fix
Red Hat Software Collectionsrh-python34-pythonWill not fix
Red Hat Software Collectionsrh-python35-pythonWill not fix
Red Hat Enterprise Linux 7pythonFixedRHSA-2016:258603.11.2016

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-20->CWE-190->CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=1345856python: Heap overflow in zipimporter module

4.5 Medium

CVSS3

4.4 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2016-5636

CVSS3: 9.8
ubuntu
почти 9 лет назад

Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.

nvd логотип

CVE-2016-5636

CVSS3: 9.8
nvd
почти 9 лет назад

Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.

debian логотип

CVE-2016-5636

CVSS3: 9.8
debian
почти 9 лет назад

Integer overflow in the get_data function in zipimport.c in CPython (a ...

github логотип

GHSA-f5qq-9gj3-v9hw

CVSS3: 9.8
github
около 3 лет назад

Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.

oracle-oval логотип

ELSA-2016-2586

oracle-oval
больше 8 лет назад

ELSA-2016-2586: python security, bug fix, and enhancement update (LOW)

4.5 Medium

CVSS3

4.4 Medium

CVSS2