Description

Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.

Remediation

References

CVE-2016-5636

Related Vulnerabilities

Phusion Passenger Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2013-4136)

WordPress Plugin Coming Soon Page & Maintenance Mode Unspecified Vulnerability (1.8.2)

WordPress Plugin BackupBuddy Arbitrary File Download (8.7.4.1)

qdPM Code Execution Vulnerability (CVE-2015-3884)

Internet Information Services Other Vulnerability (CVE-1999-1376)

Severity

Critical

Classification

CVE-2016-5636 CWE-190 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities