CVE-2016-5636

Description

Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.

Risk Information

Base Score: 9.8 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score (Exploitation Probability): 45.123

Associated Vulnerability

Vulnerability | OS Platform
Multiple Vulnerabilities are affected in Python 3.3.6 | Windows
Multiple Vulnerabilities are affected in Python for MAC 3.0 | Mac
Multiple Vulnerabilities are affected in Python for MAC 3.0.1 | Mac
Multiple Vulnerabilities are affected in Python for MAC 3.1.1 | Mac
Multiple Vulnerabilities are affected in Python for MAC 3.1.2 | Mac
Multiple Vulnerabilities are affected in Python for MAC 3.1.3 | Mac
Multiple Vulnerabilities are affected in Python for MAC 3.1.4 | Mac
Multiple Vulnerabilities are affected in Python for MAC 3.1.5 | Mac
Multiple Vulnerabilities are affected in Python for MAC 3.2.3 | Mac
Vulnerabilities CVE-2013-7040,CVE-2014-1912,CVE-2014-9365,CVE-2016-5636 are affected in Python for MAC 3.2.0 | Mac
Vulnerabilities CVE-2013-7040,CVE-2014-1912,CVE-2014-9365,CVE-2016-5636 are affected in Python for MAC 3.2.1 | Mac
Vulnerabilities CVE-2013-7040,CVE-2014-1912,CVE-2014-9365,CVE-2016-5636 are affected in Python for MAC 3.2.2 | Mac
Vulnerabilities CVE-2013-7040,CVE-2014-1912,CVE-2014-9365,CVE-2016-5636 are affected in Python for MAC 3.2.4 | Mac
Vulnerabilities CVE-2013-7040,CVE-2014-1912,CVE-2014-9365,CVE-2016-5636 are affected in Python for MAC 3.2.5 | Mac
Multiple Vulnerabilities are affected in Python for MAC 3.3.0 | Mac
Multiple Vulnerabilities are affected in Python for MAC 3.3.1 | Mac
Multiple Vulnerabilities are affected in Python for MAC 3.3.2 | Mac
Multiple Vulnerabilities are affected in Python for MAC 3.3.3 | Mac
Vulnerabilities CVE-2013-7040,CVE-2014-9365,CVE-2016-5636 are affected in Python for MAC 3.3.4 | Mac
Vulnerabilities CVE-2013-7040,CVE-2014-9365,CVE-2016-5636 are affected in Python for MAC 3.3.5 | Mac
Vulnerabilities CVE-2014-9365,CVE-2016-5636 are affected in Python for MAC 3.2.6 | Mac
Vulnerabilities CVE-2014-9365,CVE-2016-5636 are affected in Python for MAC 3.3.6 | Mac
Vulnerabilities CVE-2014-9365,CVE-2016-5636 are affected in Python for MAC 3.4.0 | Mac
Vulnerabilities CVE-2014-9365,CVE-2016-5636 are affected in Python for MAC 3.4.1 | Mac
Vulnerabilities CVE-2014-9365,CVE-2016-5636 are affected in Python for MAC 3.4.2 | Mac
Vulnerabilities CVE-2016-5636 are affected in Python for MAC 1.5 | Mac
Vulnerabilities CVE-2016-5636 are affected in Python for MAC 3.1.0 | Mac
Vulnerabilities CVE-2016-5636 are affected in Python for MAC 3.4.3 | Mac
Vulnerabilities CVE-2016-5636 are affected in Python for MAC 3.4.4 | Mac
Vulnerabilities CVE-2016-5636 are affected in Python for MAC 3.5.0 | Mac
Vulnerabilities CVE-2016-5636 are affected in Python for MAC 3.5.1 | Mac
An interactive high-level object-oriented language (USN-2653-1) python2.7_2.7.6-8ubuntu0.3_i386.deb | Linux
An interactive high-level object-oriented language (USN-2653-1) python2.7_2.7.6-8ubuntu0.3_amd64.deb | Linux
An interactive high-level object-oriented language (USN-2653-1) python2.7-minimal_2.7.6-8ubuntu0.3_i386.deb | Linux
An interactive high-level object-oriented language (USN-2653-1) python2.7-minimal_2.7.6-8ubuntu0.3_amd64.deb | Linux
An interactive high-level object-oriented language (USN-3134-1) python2.7_2.7.3-0ubuntu3.9_i386.deb | Linux
An interactive high-level object-oriented language (USN-3134-1) python2.7_2.7.3-0ubuntu3.9_amd64.deb | Linux
An interactive high-level object-oriented language (USN-3134-1) python2.7_2.7.12-1ubuntu0~16.04.1_i386.deb | Linux
An interactive high-level object-oriented language (USN-3134-1) python2.7_2.7.12-1ubuntu0~16.04.1_amd64.deb | Linux
An interactive high-level object-oriented language (USN-3134-1) python3.2_3.2.3-0ubuntu3.8_i386.deb | Linux
An interactive high-level object-oriented language (USN-3134-1) python3.2_3.2.3-0ubuntu3.8_amd64.deb | Linux
An interactive high-level object-oriented language (USN-3134-1) python3.4_3.4.3-1ubuntu1~14.04.5_i386.deb | Linux
An interactive high-level object-oriented language (USN-3134-1) python3.4_3.4.3-1ubuntu1~14.04.5_amd64.deb | Linux
An interactive high-level object-oriented language (USN-3134-1) python3.5_3.5.2-2ubuntu0~16.04.1_i386.deb | Linux
An interactive high-level object-oriented language (USN-3134-1) python3.5_3.5.2-2ubuntu0~16.04.1_amd64.deb | Linux
An interactive high-level object-oriented language (USN-3134-1) libpython2.7_2.7.3-0ubuntu3.9_i386.deb | Linux
An interactive high-level object-oriented language (USN-3134-1) libpython2.7_2.7.3-0ubuntu3.9_amd64.deb | Linux
An interactive high-level object-oriented language (USN-3134-1) libpython3.2_3.2.3-0ubuntu3.8_i386.deb | Linux
An interactive high-level object-oriented language (USN-3134-1) libpython3.2_3.2.3-0ubuntu3.8_amd64.deb | Linux
An interactive high-level object-oriented language (USN-3134-1) python2.7-minimal_2.7.3-0ubuntu3.9_i386.deb | Linux
An interactive high-level object-oriented language (USN-3134-1) python2.7-minimal_2.7.3-0ubuntu3.9_amd64.deb | Linux
An interactive high-level object-oriented language (USN-3134-1) python2.7-minimal_2.7.12-1ubuntu0~16.04.1_i386.deb | Linux
An interactive high-level object-oriented language (USN-3134-1) python2.7-minimal_2.7.12-1ubuntu0~16.04.1_amd64.deb | Linux
An interactive high-level object-oriented language (USN-3134-1) python3.2-minimal_3.2.3-0ubuntu3.8_i386.deb | Linux
An interactive high-level object-oriented language (USN-3134-1) python3.2-minimal_3.2.3-0ubuntu3.8_amd64.deb | Linux
An interactive high-level object-oriented language (USN-3134-1) python3.4-minimal_3.4.3-1ubuntu1~14.04.5_i386.deb | Linux
An interactive high-level object-oriented language (USN-3134-1) python3.4-minimal_3.4.3-1ubuntu1~14.04.5_amd64.deb | Linux
An interactive high-level object-oriented language (USN-3134-1) python3.5-minimal_3.5.2-2ubuntu0~16.04.1_i386.deb | Linux
An interactive high-level object-oriented language (USN-3134-1) python3.5-minimal_3.5.2-2ubuntu0~16.04.1_amd64.deb | Linux
SUSE-SU-2018:2408-1 (SUSE Linux Enterprise Server 11-SP4) libpython2_6-1_0-2.6.9-40.15.1.x86_64.rpm | Linux
SUSE-SU-2018:2408-1 (SUSE Linux Enterprise Server 11-SP4) libpython2_6-1_0-32bit-2.6.9-40.15.1.x86_64.rpm | Linux
SUSE-SU-2018:2408-1 (SUSE Linux Enterprise Server 11-SP4) python-2.6.9-40.15.1.x86_64.rpm | Linux
SUSE-SU-2018:2408-1 (SUSE Linux Enterprise Server 11-SP4) python-32bit-2.6.9-40.15.1.x86_64.rpm | Linux
SUSE-SU-2018:2408-1 (SUSE Linux Enterprise Server 11-SP4) python-base-2.6.9-40.15.1.x86_64.rpm | Linux
SUSE-SU-2018:2408-1 (SUSE Linux Enterprise Server 11-SP4) python-base-32bit-2.6.9-40.15.1.x86_64.rpm | Linux
SUSE-SU-2018:2408-1 (SUSE Linux Enterprise Server 11-SP4) python-curses-2.6.9-40.15.1.x86_64.rpm | Linux
SUSE-SU-2018:2408-1 (SUSE Linux Enterprise Server 11-SP4) python-demo-2.6.9-40.15.1.x86_64.rpm | Linux
SUSE-SU-2018:2408-1 (SUSE Linux Enterprise Server 11-SP4) python-doc-2.6-8.40.15.1.noarch.rpm | Linux
SUSE-SU-2018:2408-1 (SUSE Linux Enterprise Server 11-SP4) python-doc-pdf-2.6-8.40.15.1.noarch.rpm | Linux
SUSE-SU-2018:2408-1 (SUSE Linux Enterprise Server 11-SP4) python-gdbm-2.6.9-40.15.1.x86_64.rpm | Linux
SUSE-SU-2018:2408-1 (SUSE Linux Enterprise Server 11-SP4) python-idle-2.6.9-40.15.1.x86_64.rpm | Linux
SUSE-SU-2018:2408-1 (SUSE Linux Enterprise Server 11-SP4) python-tk-2.6.9-40.15.1.x86_64.rpm | Linux
SUSE-SU-2018:2408-1 (SUSE Linux Enterprise Server 11-SP4) python-xml-2.6.9-40.15.1.x86_64.rpm | Linux
SUSE-SU-2016:2106-1 (SUSE Linux Enterprise Desktop 12-SP1) libpython2_7-1_0-2.7.9-24.2.x86_64.rpm | Linux
SUSE-SU-2016:2106-1 (SUSE Linux Enterprise Desktop 12-SP1) libpython2_7-1_0-32bit-2.7.9-24.2.x86_64.rpm | Linux
SUSE-SU-2016:2106-1 (SUSE Linux Enterprise Desktop 12-SP1) libpython2_7-1_0-debuginfo-2.7.9-24.2.x86_64.rpm | Linux
SUSE-SU-2016:2106-1 (SUSE Linux Enterprise Desktop 12-SP1) libpython2_7-1_0-debuginfo-32bit-2.7.9-24.2.x86_64.rpm | Linux
SUSE-SU-2016:2106-1 (SUSE Linux Enterprise Desktop 12-SP1) python-2.7.9-24.1.x86_64.rpm | Linux
SUSE-SU-2016:2106-1 (SUSE Linux Enterprise Server 12-SP1) python-32bit-2.7.9-24.1.x86_64.rpm | Linux
SUSE-SU-2016:2106-1 (SUSE Linux Enterprise Desktop 12-SP1) python-base-2.7.9-24.2.x86_64.rpm | Linux
SUSE-SU-2016:2106-1 (SUSE Linux Enterprise Server 12-SP1) python-base-32bit-2.7.9-24.2.x86_64.rpm | Linux
SUSE-SU-2016:2106-1 (SUSE Linux Enterprise Desktop 12-SP1) python-base-debuginfo-2.7.9-24.2.x86_64.rpm | Linux
SUSE-SU-2016:2106-1 (SUSE Linux Enterprise Desktop 12-SP1) python-base-debuginfo-32bit-2.7.9-24.2.x86_64.rpm | Linux
SUSE-SU-2016:2106-1 (SUSE Linux Enterprise Desktop 12-SP1) python-base-debugsource-2.7.9-24.2.x86_64.rpm | Linux
SUSE-SU-2016:2106-1 (SUSE Linux Enterprise Desktop 12-SP1) python-curses-2.7.9-24.1.x86_64.rpm | Linux
SUSE-SU-2016:2106-1 (SUSE Linux Enterprise Desktop 12-SP1) python-curses-debuginfo-2.7.9-24.1.x86_64.rpm | Linux
SUSE-SU-2016:2106-1 (SUSE Linux Enterprise Desktop 12-SP1) python-debuginfo-2.7.9-24.1.x86_64.rpm | Linux
SUSE-SU-2016:2106-1 (SUSE Linux Enterprise Server 12-SP1) python-debuginfo-32bit-2.7.9-24.1.x86_64.rpm | Linux
SUSE-SU-2016:2106-1 (SUSE Linux Enterprise Desktop 12-SP1) python-debugsource-2.7.9-24.1.x86_64.rpm | Linux
SUSE-SU-2016:2106-1 (SUSE Linux Enterprise Server 12-SP1) python-demo-2.7.9-24.1.x86_64.rpm | Linux
SUSE-SU-2016:2106-1 (SUSE Linux Enterprise Desktop 12-SP1) python-devel-2.7.9-24.2.x86_64.rpm | Linux
SUSE-SU-2016:2106-1 (SUSE Linux Enterprise Server 12-SP1) python-doc-2.7.9-24.4.noarch.rpm | Linux
SUSE-SU-2016:2106-1 (SUSE Linux Enterprise Server 12-SP1) python-doc-pdf-2.7.9-24.4.noarch.rpm | Linux
SUSE-SU-2016:2106-1 (SUSE Linux Enterprise Server 12-SP1) python-gdbm-2.7.9-24.1.x86_64.rpm | Linux
SUSE-SU-2016:2106-1 (SUSE Linux Enterprise Server 12-SP1) python-gdbm-debuginfo-2.7.9-24.1.x86_64.rpm | Linux
SUSE-SU-2016:2106-1 (SUSE Linux Enterprise Server 12-SP1) python-idle-2.7.9-24.1.x86_64.rpm | Linux
SUSE-SU-2016:2106-1 (SUSE Linux Enterprise Desktop 12-SP1) python-tk-2.7.9-24.1.x86_64.rpm | Linux
SUSE-SU-2016:2106-1 (SUSE Linux Enterprise Desktop 12-SP1) python-tk-debuginfo-2.7.9-24.1.x86_64.rpm | Linux
SUSE-SU-2016:2106-1 (SUSE Linux Enterprise Desktop 12-SP1) python-xml-2.7.9-24.2.x86_64.rpm | Linux
SUSE-SU-2016:2106-1 (SUSE Linux Enterprise Desktop 12-SP1) python-xml-debuginfo-2.7.9-24.2.x86_64.rpm | Linux
SUSE-SU-2016:2653-1 (SUSE Linux Enterprise Desktop 12-SP1) libpython3_4m1_0-3.4.5-17.1.x86_64.rpm | Linux
SUSE-SU-2016:2653-1 (SUSE Linux Enterprise Desktop 12-SP1) libpython3_4m1_0-debuginfo-3.4.5-17.1.x86_64.rpm | Linux
SUSE-SU-2016:2653-1 (SUSE Linux Enterprise Desktop 12-SP1) python3-3.4.5-17.1.x86_64.rpm | Linux
SUSE-SU-2016:2653-1 (SUSE Linux Enterprise Desktop 12-SP1) python3-base-3.4.5-17.1.x86_64.rpm | Linux
SUSE-SU-2016:2653-1 (SUSE Linux Enterprise Desktop 12-SP1) python3-base-debuginfo-3.4.5-17.1.x86_64.rpm | Linux
SUSE-SU-2016:2653-1 (SUSE Linux Enterprise Desktop 12-SP1) python3-base-debugsource-3.4.5-17.1.x86_64.rpm | Linux
SUSE-SU-2016:2653-1 (SUSE Linux Enterprise Desktop 12-SP1) python3-debuginfo-3.4.5-17.1.x86_64.rpm | Linux
SUSE-SU-2016:2653-1 (SUSE Linux Enterprise Desktop 12-SP1) python3-debugsource-3.4.5-17.1.x86_64.rpm | Linux
SUSE-SU-2016:2859-1 (SUSE Linux Enterprise Desktop 12-SP2) libpython3_4m1_0-3.4.5-19.1.x86_64.rpm | Linux
SUSE-SU-2016:2859-1 (SUSE Linux Enterprise Desktop 12-SP2) libpython3_4m1_0-debuginfo-3.4.5-19.1.x86_64.rpm | Linux
SUSE-SU-2016:2859-1 (SUSE Linux Enterprise Desktop 12-SP2) python3-3.4.5-19.1.x86_64.rpm | Linux
SUSE-SU-2016:2859-1 (SUSE Linux Enterprise Desktop 12-SP2) python3-base-3.4.5-19.1.x86_64.rpm | Linux
SUSE-SU-2016:2859-1 (SUSE Linux Enterprise Desktop 12-SP2) python3-base-debuginfo-3.4.5-19.1.x86_64.rpm | Linux
SUSE-SU-2016:2859-1 (SUSE Linux Enterprise Desktop 12-SP2) python3-base-debugsource-3.4.5-19.1.x86_64.rpm | Linux
SUSE-SU-2016:2859-1 (SUSE Linux Enterprise Desktop 12-SP2) python3-curses-3.4.5-19.1.x86_64.rpm | Linux
SUSE-SU-2016:2859-1 (SUSE Linux Enterprise Desktop 12-SP2) python3-curses-debuginfo-3.4.5-19.1.x86_64.rpm | Linux
SUSE-SU-2016:2859-1 (SUSE Linux Enterprise Desktop 12-SP2) python3-debuginfo-3.4.5-19.1.x86_64.rpm | Linux
SUSE-SU-2016:2859-1 (SUSE Linux Enterprise Desktop 12-SP2) python3-debugsource-3.4.5-19.1.x86_64.rpm | Linux
Integer Overflow or Wraparound Vulnerability (CVE-2016-5636) | NCM

Patch Details

Patches provided by ManageEngine for this CVE:
Patch ID | Patch Description
PATCH-611773 | Python for MAC 3.13.7

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234