PT-2014-8771 · Python · Pip

Dstufft · Published 2014-11-24 · Updated 2024-06-15 · CVE-2014-8991

CVSS v4.0: 5.4 (Medium)

Vector: AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P

Name of the Vulnerable Software and Affected Versions

pip versions 1.3 through 1.5.6

Description

The issue allows local users to cause a denial of service, specifically preventing package installation, by creating a /tmp/pip-build-* file for another user.

Recommendations

For pip versions 1.3 through 1.5.6, consider restricting access to the /tmp/pip-build-* file to prevent unauthorized users from creating these files and causing a denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2014-8991
GHSA-53MR-44PP-CRF4
MGASA-2015-0023
OPENSUSE-SU-2024:10098-1
OPENSUSE-SU-2024:11251-1
OPENSUSE-SU-2024:11281-1
OPENSUSE-SU-2024:13916-1
PYSEC-2014-11
SUSE-FU-2021:2130-1
SUSE-RU-2019:2505-1

Affected Products

Pip