CVE-2014-1858
low-risk
Published 2018-01-08
__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file.
Do I need to act?
0.04% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 5.5/10 · Medium · LOCAL / LOW complexity
Affected Products (1)
Numpy
Affected Vendors
References (20)
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128358.h...
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128781.h...
Third Party Advisory
http://www.securityfocus.com/bid/65441
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=1062009
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/91318
Third Party Advisory
https://github.com/numpy/numpy/blob/maintenance/1.8.x/doc/release/1.8.1-notes.rs...
Third Party Advisory
https://github.com/numpy/numpy/commit/0bb46c1448b0d3f5453d5182a17ea7ac5854ee15
Third Party Advisory
https://github.com/numpy/numpy/pull/4262
23 / 100
low-risk
Severity
18/34 · Moderate
Exploitability
0/34 · Minimal
Exposure
5/34 · Minimal