CVE-2014-8991

Опубликовано: 24 нояб. 2014

Источник: debian

Описание

pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
python-pip	fixed	1.5.6-4		package
python-pip	not-affected		wheezy	package
python-pip	not-affected		squeeze	package

Примечания

https://github.com/pypa/pip/pull/2122

Связанные уязвимости

CVE-2014-8991

ubuntu

около 11 лет назад

pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.

CVE-2014-8991

redhat

около 12 лет назад

pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.

CVE-2014-8991

nvd

около 11 лет назад

pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.

CVE-2014-8991

msrc

4 месяца назад

pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.

GHSA-53mr-44pp-crf4

CVSS3: 6.2

github

больше 3 лет назад

pip lack of randomness in build directory