zipimporter overflow

Warning

This resource is maintained for historical reference and does not contain the latest vulnerability info for Python.

The canonical database for vulnerabilities affecting Python is available on GitHub in the Open Source Vulnerability (OSV) format. This vulnerability can be viewed online at the Open Source Vulnerability Database.

Heap overflow in zipimporter module.

Dates:

• Disclosure date: 2016-01-21 (Python issue bpo-26171 reported)

Fixed In

• Python 2.7.12 (2016-06-25) fixed by commit 64ea192 (branch 2.7) (2016-01-21)
• Python 3.3.7 (2017-09-19) fixed by commit d751040 (branch 3.3) (2016-09-14)
• Python 3.4.5 (2016-06-25) fixed by commit c4032da (branch 3.4) (2016-01-21)
• Python 3.5.2 (2016-06-25) fixed by commit c4032da (branch 3.4) (2016-01-21)
• Python 3.6.0 (2016-12-22) fixed by commit d751040 (branch 3.3) (2016-09-14)

Python issue

heap overflow in zipimporter module.

• Python issue: bpo-26171
• Creation date: 2016-01-21
• Reporter: Insu Yun

CVE-2016-5636

Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.

• CVE ID: CVE-2016-5636
• Published: 2016-09-02
• CVSS Score: 10.0

Timeline

Timeline using the disclosure date 2016-01-21 as reference:

• 2016-01-21: Python issue bpo-26171 reported by Insu Yun
• 2016-01-21: commit 64ea192 (branch 2.7)
• 2016-01-21: commit c4032da (branch 3.4)
• 2016-06-25 (+156 days): Python 2.7.12 released
• 2016-06-25 (+156 days): Python 3.4.5 released
• 2016-06-25 (+156 days): Python 3.5.2 released
• 2016-09-02 (+225 days): CVE-2016-5636 published
• 2016-09-14 (+237 days): commit d751040 (branch 3.3)
• 2016-12-22: Python 3.6.0 released
• 2017-09-19 (+607 days): Python 3.3.7 released