Local Denial of Service Vulnerability in pip Product by Python Software Foundation
CVE-2014-8991

Currently unrated

Key Information:

Vendor

Pypa

Status
Pip
Vendor
CVE Published:
24 November 2014

What is CVE-2014-8991?

The pip tool, used for managing Python packages, is susceptible to a local denial of service attack due to predictable temporary directory names. When a malicious user creates a file in the /tmp/pip-build-* directory, it can lead to the prevention of package installation for other users. This vulnerability affects various versions of pip, allowing an attacker to disrupt the package management process.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.openwall.com/lists/oss-security/2014/11/19/17
mailing-listx_refsource_MLIST
http://www.oracle.com/technetwork/topics/security/bulleti...
x_refsource_CONFIRM
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725847
x_refsource_CONFIRM

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.