PYSEC-2014-11 — Vulnetix

PYSEC-2014-11 PUBLISHED CVSS 6.900000095367432 MEDIUM

pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.

Risk Scores

CVSS v4.0

6.900000095367432

CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
PyPI	pip	1.3, 1.3, 1.3.1

Timeline

Nov 24, 2014 CVE Published
Nov 8, 2023 CVE Updated

References

http://www.securityfocus.com/bid/71209 url
http://www.openwall.com/lists/oss-security/2014/11/19/17 url
http://www.openwall.com/lists/oss-security/2014/11/20/6 url
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html url
https://github.com/pypa/pip/pull/2122 fix
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725847 advisory

Open in Interactive Console →