PT-2018-4181 · Numpy · Numpy

Juliantaylor

Published

2014-02-21

Updated

2022-05-14

CVE-2014-1859

CVSS v4.0

7.1

High

Vector

AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions NumPy versions prior to 1.8.1

Description The issue allows local users to write to arbitrary files via a symlink attack on a temporary file. This is possible due to vulnerabilities in certain files, including core/tests/test memmap.py, core/tests/test multiarray.py, f2py/f2py2e.py, and lib/tests/test io.py.

Recommendations For versions prior to 1.8.1, update to version 1.8.1 or later to resolve the issue. As a temporary workaround, consider restricting access to temporary files to minimize the risk of exploitation.

Fix

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

CVE-2014-1859

GHSA-2FC2-6R4J-P65H

MGASA-2014-0089

PYSEC-2018-34

Affected Products

Numpy

PT-2018-4181 · Numpy · Numpy

CVE-2014-1859

Weakness Enumeration

Related Identifiers

Affected Products

References · 23