PYSEC-2014-11

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/pip/PYSEC-2014-11.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2014-11

Aliases

CVE-2014-8991
GHSA-53mr-44pp-crf4

Published

2014-11-24T15:59:00Z

Modified

2023-11-01T04:45:49.576468Z

Summary

[none]

Details

pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.

References

https://github.com/pypa/pip/pull/2122
http://www.securityfocus.com/bid/71209
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725847
http://www.openwall.com/lists/oss-security/2014/11/19/17
http://www.openwall.com/lists/oss-security/2014/11/20/6
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

Affected packages

PyPI / pip

Package

Name: pip; View open source insights on deps.dev
Purl: pkg:pypi/pip

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.3

Fixed

6.0

Affected versions

1.*

1.3

1.3.1

1.4

1.4.1

1.5

1.5.1

1.5.2

1.5.3

1.5.4

1.5.5

1.5.6

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/pip/PYSEC-2014-11.yaml"