Arbitrary file write in NumPy · CVE-2014-1858 · GitHub Advisory Database · GitHub

Arbitrary file write in NumPy

Moderate severity GitHub Reviewed Published May 14, 2022 to the GitHub Advisory Database • Updated Jan 27, 2023

Package

numpy (pip)

Affected versions

< 1.8.1

Patched versions

1.8.1

Description

init.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file.

References

Published by the National Vulnerability Database

Jan 8, 2018

Published to the GitHub Advisory Database May 14, 2022

Reviewed Jun 17, 2022

Last updated Jan 27, 2023

Severity

Moderate

5.5

/ 10

CVSS base metrics

Attack vector

Local

Attack complexity

Low

Privileges required

Low

User interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N