Vulnerability in Buzz 1.1.0 Allows Insecure Temporary File Creation

CVE-2024-10372

3.6LOW

Key Information

Vendor: Chidiwilliams
Status: Buzz
Vendor: CVE Published:; 25 October 2024

Summary

A vulnerability classified as problematic was found in chidiwilliams buzz 1.1.0. This vulnerability affects the function download_model of the file buzz/model_loader.py. The manipulation leads to insecure temporary file. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Affected Version(s)

buzz = 1.1.0

CVSS V3.1

Score:

3.6

Severity:

LOW

Confidentiality:

None

Integrity:

Low

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: null to: 4.5 - (MEDIUM)
Oct 25, 2024
Vulnerability published.
Oct 25, 2024
VulDB entry last update
Oct 24, 2024
Vulnerability Reserved.
Oct 24, 2024
VulDB entry created
Oct 24, 2024
Advisory disclosed
Oct 24, 2024

Collectors

NVD DatabaseMitre Database

Credit

startr4ck (VulDB User)