Lucene search
Ubuntu.comUB:CVE-2014-8991HistoryNov 24, 2014 - 12:00 a.m.
CVE-2014-8991
2014-11-2400:00:00
ubuntu.com
ubuntu.com
13
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
EPSS
0.001
Percentile
31.0%
pip 1.3 through 1.5.6 allows local users to cause a denial of service
(prevention of package installation) by creating a /tmp/pip-build-* file
for another user.
Bugs
Notes
| Author | Note |
|---|---|
| msalvatore | The patch from upstream does not resolve the CVE. Backporting this the actual fix for trusty requires invasive changes that will change the command line interface. The issues is first fixed in version 7.0.0 and the changelog mentions it is backwards incompatible. |
Related
debiancve
debiancve
CVE-2014-8991
2014-11-24 15:59:15
osv
osv
pip lack of randomness in build directory
2022-05-13 01:11:25
PYSEC-2014-11
2014-11-24 15:59:00
mageia
mageia
Updated python-pip packages fix CVE-2014-8991
2015-01-15 00:55:47
cvelist
cvelist
CVE-2014-8991
2014-11-24 15:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0023)
2022-01-28 00:00:00
nvd
nvd
CVE-2014-8991
2014-11-24 15:59:15
cve
cve
CVE-2014-8991
2014-11-24 15:59:15
prion
prion
Code injection
2014-11-24 15:59:00
github
github
pip lack of randomness in build directory
2022-05-13 01:11:25
ibm
ibm
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
EPSS
0.001
Percentile
31.0%
Related for UB:CVE-2014-8991