
exploitDog


CVE-2019-6446

Published: 16 Jan 2019
Source: debian
EPSS: Medium

Description

An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.

Packages

Package        Status   Fixed version   Release   Type
python-numpy   fixed    1:1.10.4-1                package
python-numpy   no-dsa                   jessie    package

Notes

  • https://github.com/numpy/numpy/issues/12759

  • For upstream this works as intended and is documented.

  • https://github.com/numpy/numpy/commit/a2bd3a7eabfe053d6d16a2130fdcad9e5211f6bb

  • Added support to disable use of pickle in load/save, marking that as the fixed version. The use of that is at the discretion of anyone using numpy.

  • Further discussion at https://github.com/numpy/numpy/pull/12889
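As an added defender-side example (not code from the exploitDog page, Debian, or the numpy project): the upstream switch the notes refer to is the `allow_pickle` keyword of `numpy.load`, and passing `allow_pickle=False` makes numpy refuse to unpickle object arrays. The pure-Python check below shows why that decision can be made before any data is deserialized: an `.npy` header is a plain-text dict, and only a `descr` whose dtype kind is `O` (object) needs pickle for the array body, so a gatekeeper can parse the header with `ast.literal_eval` (literals only, no code execution) and reject object-dtype files before handing them to `np.load`. It runs without numpy installed; the `.npy` bytes it inspects are constructed inline for the example, and `make_npy_bytes`, `parse_npy_header`, `requires_pickle` and `is_safe_npy` are names of this example, not numpy's API.

```python
import ast
import struct

MAGIC = b"\x93NUMPY"  # fixed prefix of every .npy file


def make_npy_bytes(descr, shape=(2,), payload=b""):
    """Build a minimal .npy (format 1.0) byte string. Constructed sample data
    for this example; real files are written by np.save."""
    header = "{'descr': %r, 'fortran_order': False, 'shape': %r, }" % (descr, shape)
    # Format 1.0: magic(6) + version(2) + header_len(2) + header is padded to a
    # multiple of 16 bytes, and the header text ends with a newline.
    header += " " * ((16 - (10 + len(header) + 1) % 16) % 16) + "\n"
    return MAGIC + b"\x01\x00" + struct.pack("<H", len(header)) + header.encode("latin1") + payload


def parse_npy_header(data):
    """Parse the .npy header without numpy and without executing anything.
    Returns the header dict with keys 'descr', 'fortran_order', 'shape'."""
    if data[:6] != MAGIC:
        raise ValueError("not an .npy file")
    major, minor = data[6], data[7]
    if major == 1:
        (hlen,) = struct.unpack("<H", data[8:10])
        offset = 10
    elif major in (2, 3):
        (hlen,) = struct.unpack("<I", data[8:12])
        offset = 12
    else:
        raise ValueError("unsupported .npy format version %d.%d" % (major, minor))
    if len(data) < offset + hlen:
        raise ValueError("truncated .npy header")
    raw = data[offset:offset + hlen].decode("utf-8" if major == 3 else "latin1")
    # literal_eval accepts only Python literals (dict, tuple, str, bool, ...):
    # a header that contains code raises instead of running it.
    try:
        header = ast.literal_eval(raw)
    except (ValueError, SyntaxError) as exc:
        raise ValueError("malformed .npy header") from exc
    if not isinstance(header, dict) or set(header) != {"descr", "fortran_order", "shape"}:
        raise ValueError("unexpected .npy header keys")
    return header


def requires_pickle(descr):
    """True if the dtype descriptor contains an object ('O') field, meaning the
    array body is a pickle stream rather than fixed-size numeric data."""
    if isinstance(descr, str):
        return descr.lstrip("<>|=").startswith("O")   # '|O', '<O8', 'O'
    if isinstance(descr, list):                        # structured dtype: list of fields
        return any(requires_pickle(field) for field in descr)
    if isinstance(descr, tuple) and len(descr) >= 2:   # field: (name, type[, shape])
        return requires_pickle(descr[1])
    return True  # any descriptor shape we do not understand is treated as unsafe


def is_safe_npy(data):
    """Gatekeeper: True only for a well-formed .npy file that np.load can read
    with allow_pickle=False, i.e. no object dtype anywhere in descr."""
    try:
        header = parse_npy_header(data)
    except ValueError:
        return False
    return not requires_pickle(header["descr"])


if __name__ == "__main__":
    numeric = make_npy_bytes("<f8", (2,), b"\x00" * 16)   # two float64 zeros
    objects = make_npy_bytes("|O", (2,))                  # object array: body would be pickle
    print("float64 array accepted:", is_safe_npy(numeric))
    print("object array accepted: ", is_safe_npy(objects))
```

The check is a pre-filter, not a replacement for `allow_pickle=False`: keep the numpy switch set in the consuming code as well, so a file that slips past any header check is still refused by the loader itself. Structured dtypes are walked recursively because a single object field inside an otherwise numeric record type is enough to force a pickle body.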

EPSS

Percentile: 98%
0.57542
Medium

Related vulnerabilities

CVSS3: 9.8
ubuntu
more than 6 years ago

** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.

CVSS3: 8.8
redhat
more than 6 years ago

An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.

CVSS3: 9.8
nvd
more than 6 years ago

An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.

suse-cvrf
more than 5 years ago

Security update for python-numpy

suse-cvrf
more than 5 years ago

Security update for python-numpy
