CVE-2016-5636
Published 2016-09-02
Priority: P259 · Severity: critical · CVSS 3.0 base score 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS: 25.67% (97.7th percentile)
Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.
Affected
32 ranges, showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos_sierra_10.12.4_security_update_2017-001_el_capitan_and_security_update_201 | — | — |
| debian | python2.7 | < python2.7 2.7.12~rc1-1 (bullseye) | python2.7 2.7.12~rc1-1 (bullseye) |
| python | python | <= 2.7.11 | — |
Detection & IOCs (extracted from sources)
- The vulnerability is triggered via a specially crafted zip file placed in a Python module path that is subsequently loaded by an import statement, causing a heap overflow in the zipimporter module (zipimport.c, get_data function).
- The root trigger is a negative data size value passed to get_data in zipimport.c, causing an integer overflow that leads to a heap-based buffer overflow. Monitor for anomalous or malformed zip files in Python module/import paths.
- An attacker could use a crafted zip file to exploit this; detection should focus on unexpected or externally-supplied zip files appearing in Python module search paths (sys.path entries).
- Affected versions are CPython before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2. Detection/patching efforts should confirm the running Python version falls within these ranges.
- Red Hat rated this issue as Low security impact and marked multiple affected packages as 'Will not fix', meaning patched RPMs may not be available from Red Hat for RHEL 5/6 or Software Collections.
- Jython on Red Hat Enterprise Linux 6 is listed as not affected; scope this caveat when assessing Jython-based deployments.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.0 | 9.8 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 10.0 | CRITICAL | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |
| vendor_ubuntu | — | 6.5 | MEDIUM | — |
Apple
CVE-2016-5636: macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
vendor_apple·2017-03-27·CVSS 9.8
CVE-2016-5636 [CRITICAL] CVE-2016-5636: macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
Apple Security Update: About the security content of macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
Product: macOS Sierra 10.12.4, Security Update 2017-001 El Capitan, and Security Update 2017-001 Yosemite
CVE: CVE-2016-5636
Component: CVE-2016-5636
Ubuntu
Python vulnerabilities
vendor_ubuntu·2016-11-22·CVSS 6.5
CVE-2016-0772 [MEDIUM] Python vulnerabilities
Title: Python vulnerabilities
Summary: Several security issues were fixed in Python.
It was discovered that the smtplib library in Python did not return an
error when StartTLS fails. A remote attacker could possibly use this to
expose sensitive information. (CVE-2016-0772)
Rémi Rampin discovered that Python would not protect CGI applications
from contents of the HTTP_PROXY environment variable when based on
the contents of the Proxy header from HTTP requests. A remote attacker
could possibly use this to cause a CGI application to redirect outgoing
HTTP requests. (CVE-2016-1000110)
Insu Yun discovered an integer overflow in the zipimporter module in
Python that could lead to a heap-based overflow. An attacker could
use this to craft a special zip file that when read by Python could
poss
Red Hat
python: Heap overflow in zipimporter module
vendor_redhat·2016-01-21·CVSS 9.8
CVE-2016-5636 [CRITICAL] CWE-20 python: Heap overflow in zipimporter module
Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.
A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later "import" statement could cause a heap overflow, leading to arbitrary code execution.
Statement: Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://
Debian
CVE-2016-5636: python2.7 - Integer overflow in the get_data function in zipimport.c in CPython (aka Python)...
vendor_debian·2016·CVSS 9.8
CVE-2016-5636 [CRITICAL] CVE-2016-5636: python2.7 - Integer overflow in the get_data function in zipimport.c in CPython (aka Python)...
Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.
Scope: local
bullseye: resolved (fixed in 2.7.12~rc1-1)
GHSA
GHSA-f5qq-9gj3-v9hw: Integer overflow in the get_data function in zipimport
ghsa_unreviewed·2022-05-14
CVE-2016-5636 [CRITICAL] CWE-190 GHSA-f5qq-9gj3-v9hw: Integer overflow in the get_data function in zipimport
Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.
OSV
python2.7, python3.2, python3.4, python3.5 vulnerabilities
osv·2016-11-22·CVSS 6.5
CVE-2016-0772 [MEDIUM] python2.7, python3.2, python3.4, python3.5 vulnerabilities
It was discovered that the smtplib library in Python did not return an
error when StartTLS fails. A remote attacker could possibly use this to
expose sensitive information. (CVE-2016-0772)
Rémi Rampin discovered that Python would not protect CGI applications
from contents of the HTTP_PROXY environment variable when based on
the contents of the Proxy header from HTTP requests. A remote attacker
could possibly use this to cause a CGI application to redirect outgoing
HTTP requests. (CVE-2016-1000110)
Insu Yun discovered an integer overflow in the zipimporter module in
Python that could lead to a heap-based overflow. An attacker could
use this to craft a special zip file that when read by Python could
possibly execute arbitrary code
OSV
CVE-2016-5636: Integer overflow in the get_data function in zipimport
osv·2016-09-02·CVSS 9.8
CVE-2016-5636 [CRITICAL] CVE-2016-5636: Integer overflow in the get_data function in zipimport
Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2016-5636 python34: python: Heap overflow in zipimporter module [epel-7]
bugzilla·2016-07-14·CVSS 9.8
CVE-2016-5636 [CRITICAL] CVE-2016-5636 python34: python: Heap overflow in zipimporter module [epel-7]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
[bug automatically created by: add-tracking-bugs]
Bugzilla
CVE-2016-5636 python: Heap overflow in zipimporter module
bugzilla·2016-06-13·CVSS 9.8
CVE-2016-5636 [CRITICAL] CVE-2016-5636 python: Heap overflow in zipimporter module
A heap-based buffer overflow vulnerability was found in the zipimporter module.
Vulnerable code:
```c
bytes_size = compress == 0 ? data_size : data_size + 1;
if (bytes_size == 0)
    bytes_size++;
raw_data = PyBytes_FromStringAndSize((char *)NULL, bytes_size);
```
data_size is not sanitized, so if compress != 0 and data_size = -1, then it overflows and becomes 0. Right after that it is incremented and becomes 1. In that case, Python allocates a small portion of heap, which is later overflowed using fread.
Upstream bug:
https://bugs.python.org/issue26171
Upstream patches:
https://hg.python.org/cpython/rev/01ddd608b85c (3.4)
https://hg.python.org/cpython/rev/985fc64c60d6 (2.7)
https://hg.python.org/cpython/rev/10dad6da1b28 (3
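To make the size arithmetic in the report concrete, here is an added C model (not CPython's code): `plan_vulnerable` mirrors the quoted pre-fix lines and shows the 1-byte allocation paired with a huge fread length, while `plan_checked` shows the kind of bounds check that closes the gap; the `file_size` upper bound is an assumption of this example, not part of the upstream patch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Outcome of get_data()'s size computation, modelled for this example.
 * alloc_size: what would be passed to PyBytes_FromStringAndSize()
 * read_size : what fread() would be asked to copy into that buffer
 * ok        : false when the hardened variant rejects the input      */
struct size_plan {
    long   alloc_size;
    size_t read_size;
    bool   ok;
};

/* Mirrors the pre-fix logic quoted in the bug report: data_size comes
 * straight from the zip's central directory and is never validated. */
struct size_plan plan_vulnerable(int compress, long data_size)
{
    struct size_plan p;
    long bytes_size = compress == 0 ? data_size : data_size + 1;
    if (bytes_size == 0)
        bytes_size++;                 /* -1 + 1 == 0, so this yields 1 */
    p.alloc_size = bytes_size;        /* a 1-byte heap buffer          */
    p.read_size  = (size_t)data_size; /* -1 becomes SIZE_MAX for fread */
    p.ok = true;
    return p;
}

/* Hardened variant: reject negative sizes before any allocation, and
 * (an extra check assumed for this example) sizes larger than the archive. */
struct size_plan plan_checked(int compress, long data_size, long file_size)
{
    struct size_plan p = { 0, 0, false };
    if (data_size < 0 || data_size > file_size)
        return p;                     /* caller would raise ZipImportError */
    p.alloc_size = compress == 0 ? data_size : data_size + 1;
    if (p.alloc_size == 0)
        p.alloc_size++;
    p.read_size = (size_t)data_size;  /* now always <= alloc_size      */
    p.ok = true;
    return p;
}

int main(void)
{
    struct size_plan v = plan_vulnerable(1, -1);
    struct size_plan c = plan_checked(1, -1, 4096);
    printf("vulnerable: alloc %ld byte(s), fread asked for %zu bytes\n",
           v.alloc_size, v.read_size);
    printf("checked:    %s\n", c.ok ? "accepted" : "rejected negative data_size");
    return 0;
}
```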
Bugzilla
CVE-2016-5636 jython: python: Heap overflow in zipimporter module [fedora-all]
bugzilla·2016-06-13·CVSS 9.8
CVE-2016-5636 [CRITICAL] CVE-2016-5636 jython: python: Heap overflow in zipimporter module [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of
Bugzilla
CVE-2016-5636 jython: python: Heap overflow in zipimporter module [epel-5]
bugzilla·2016-06-13·CVSS 9.8
CVE-2016-5636 [CRITICAL] CVE-2016-5636 jython: python: Heap overflow in zipimporter module [epel-5]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
[bug automatically created by: add-tracking-bugs]
Di
Bugzilla
CVE-2016-5636 python26: python: Heap overflow in zipimporter module [epel-5]
bugzilla·2016-06-13·CVSS 9.8
CVE-2016-5636 [CRITICAL] CVE-2016-5636 python26: python: Heap overflow in zipimporter module [epel-5]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
[bug automatically created by: add-tracking-bugs]
Bugzilla
CVE-2016-5636 python3: python: Heap overflow in zipimporter module [fedora-all]
bugzilla·2016-06-13·CVSS 9.8
CVE-2016-5636 [CRITICAL] CVE-2016-5636 python3: python: Heap overflow in zipimporter module [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions o
Bugzilla
CVE-2016-5636 python: Heap overflow in zipimporter module [fedora-all]
bugzilla·2016-06-13·CVSS 9.8
CVE-2016-5636 [CRITICAL] CVE-2016-5636 python: Heap overflow in zipimporter module [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora.
arXiv
Path-wise Vulnerability Mitigation
arxiv_fulltext·2024-05-25
Zhen Huang, Hiristina Dokic
DePaul University, Chicago IL, USA
## Abstract
Software vulnerabilities are prevalent but fixing software vulnerabilities is not trivial. Studies have shown that a considerable pre-patch window exists because it often takes weeks or months for software vendo
arXiv
An Empirical Analysis of Vulnerabilities in Python Packages for Web Applications
arxiv_fulltext·2018-11-16
Jukka Ruohonen
University of Turku, Finland
Email: [email protected]
## Abstract
This paper examines software vulnerabilities in common Python packages used particularly for web development. The empirical dataset is based on the PyPI package repository and the so-called Safety DB used to track vulnerabilities in selected packages within the repository. The methodological approach builds on a release-based time series analysis of the conditional probabilities for the releases of the packages to be vulnerable. According to the results, many of the Python vulnerabilities observed seem to be only modestly severe; input validation and cross-site scripting have been the most typical vulnerabilities. In terms of the
References
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
- http://rhn.redhat.com/errata/RHSA-2016-2586.html
- http://www.openwall.com/lists/oss-security/2016/06/15/15
- http://www.openwall.com/lists/oss-security/2016/06/16/1
- http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html
- http://www.securityfocus.com/bid/91247
- http://www.securitytracker.com/id/1038138
- http://www.splunk.com/view/SP-CAAAPSV
- http://www.splunk.com/view/SP-CAAAPUE
- https://bugs.python.org/issue26171
- https://docs.python.org/3.4/whatsnew/changelog.html#python-3-4-5
- https://docs.python.org/3.5/whatsnew/changelog.html#python-3-5-2
- https://hg.python.org/cpython/raw-file/v2.7.12/Misc/NEWS
- https://lists.debian.org/debian-lts-announce/2019/02/msg00011.html
- https://security.gentoo.org/glsa/201701-18