CVE-2014-1858

Published: Jan 8, 2018Modified: Nov 21, 2024

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file.

Affected (1)

Products: Numpy: Numpy

Numpy

1 product

Numpy

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Numpy Numpy	Before 1.8.1

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (20)

http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.html

Source: cve@mitre.org

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128781.html

Source: cve@mitre.org

Third Party Advisory

http://www.openwall.com/lists/oss-security/2014/02/08/3

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/65441

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=737778

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1062009

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/91318

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rst

Source: cve@mitre.org

Third Party Advisory

https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15

Source: cve@mitre.org

Third Party Advisory

https://github.com/numpy/numpy/pull/4262

Source: cve@mitre.org

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.html