Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Python Integer Overflow or Wraparound Vulnerability (CVE-2016-5636)

Description

Integer overflow in the get_data function in zipimport.c in CPython (aka Python) before 2.7.12, 3.x before 3.4.5, and 3.5.x before 3.5.2 allows remote attackers to have unspecified impact via a negative data size value, which triggers a heap-based buffer overflow.

Remediation

References

Related Vulnerabilities

WordPress Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-0191)

WordPress 4.2.x Multiple Vulnerabilities (4.2 - 4.2.10)

concrete5 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-6905)

WordPress Plugin Google Analytics Top Content Widget Cross-Site Scripting (1.5.6)

WordPress Plugin Customify-Intuitive Website Styling Cross-Site Request Forgery (2.10.4)

Severity

Critical

Classification

CVE-2016-5636 CWE-190 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities