5.5
CVE-2014-1858
- EPSS 0.45%
- Veröffentlicht 08.01.2018 19:29:00
- Zuletzt bearbeitet 21.11.2024 02:05:09
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.45% | 0.354 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
| nvd@nist.gov | 2.1 | 3.9 | 2.9 |
AV:L/AC:L/Au:N/C:N/I:P/A:N
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128781.html
http://www.openwall.com/lists/oss-security/2014/02/08/3
http://www.securityfocus.com/bid/65441
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778
https://bugzilla.redhat.com/show_bug.cgi?id=1062009
https://exchange.xforce.ibmcloud.com/vulnerabilities/91318
https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst
https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15
https://github.com/numpy/numpy/pull/4262