Oracle Linux: CVE-2016-5636: ELSA-2016-2586: python security, bug fix, and enhancement update (LOW)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
4 | (AV:L/AC:H/Au:S/C:P/I:P/A:P) | Jan 21, 2016 | Nov 9, 2016 | Nov 29, 2024 |
Description
Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.
A vulnerability was discovered in Python, in the built-in zipimporter. A specially crafted zip file placed in a module path such that it would be loaded by a later "import" statement could cause a heap overflow, leading to arbitrary code execution.
Solution(s)
- oracle-linux-upgrade-python
- oracle-linux-upgrade-python-debug
- oracle-linux-upgrade-python-devel
- oracle-linux-upgrade-python-libs
- oracle-linux-upgrade-python-test
- oracle-linux-upgrade-python-tools
- oracle-linux-upgrade-tkinter
