Local Denial of Service Vulnerability in pip Product by Python Software Foundation
CVE-2014-8991

Currently unrated

Key Information:

Vendor: Pypa
Status: Pip
Vendor: CVE Published:; 24 November 2014

What is CVE-2014-8991?

The pip tool, used for managing Python packages, is susceptible to a local denial of service attack due to predictable temporary directory names. When a malicious user creates a file in the /tmp/pip-build-* directory, it can lead to the prevention of package installation for other users. This vulnerability affects various versions of pip, allowing an attacker to disrupt the package management process.

References

http://www.openwall.com/lists/oss-security/2014/11/19/17

mailing-listx_refsource_MLIST

http://www.oracle.com/technetwork/topics/security/bulleti...

x_refsource_CONFIRM

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725847

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 24, 2014
Vulnerability Reserved
Nov 19, 2014

Pypa

What is CVE-2014-8991?

References

Timeline