CVE-2014-8991
Published 2014-11-24
CVE-2014-8991: pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.
Priority: P45 low
CVSS 2.0: 2.1 (AV:L/AC:L/Au:N/C:N/I:N/A:P)
EPSS: 0.39% (31.1th percentile)
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | python-pip | < python-pip 1.5.6-4 (bookworm) | python-pip 1.5.6-4 (bookworm) |
| oracle | solaris | — | — |
| pypa | pip | >= 1.3 < 6.0 | 6.0 |
| pypa | pip | 1.3 – 1.5.6 | — |
CVSS provenance
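| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 2.1 | LOW | AV:L/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 2.1 | LOW | — |
| vendor_debian | — | 2.1 | LOW | — |
| vendor_redhat | — | 2.1 | LOW | — |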
Debian
CVE-2014-8991: python-pip - pip 1.3 through 1.5.6 allows local users to cause a denial of service (preventio...
vendor_debian · 2014 · CVSS 2.1
CVE-2014-8991 [LOW]
pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.
Scope: local
bookworm: resolved (fixed in 1.5.6-4)
bullseye: resolved (fixed in 1.5.6-4)
forky: resolved (fixed in 1.5.6-4)
sid: resolved (fixed in 1.5.6-4)
trixie: resolved (fixed in 1.5.6-4)
Red Hat
python-pip: local DoS vulnerability
vendor_redhat · 2013-10-09 · CVSS 2.1
CVE-2014-8991 [LOW] CWE-377
pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.
Statement: Red Hat Product Security has rated this issue as having Low security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Package: python-virtualenv (OpenShift Enterprise 1) - Under investigation
Package: python-virtualenv (Red Hat Enterprise Linux 7) - Under investigation
Package: python27-python-pip (Red Hat OpenShift Enterprise 2) - Under investigation
Package: python-virtualenv (Red Hat OpenShift Enterprise 2) - Under in
OSV
pip lack of randomness in build directory
osv · 2022-05-13
CVE-2014-8991 [MEDIUM]
pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a `/tmp/pip-build-*` file for another user.
GHSA
pip lack of randomness in build directory
ghsa · 2022-05-13
CVE-2014-8991 [MEDIUM]
pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a `/tmp/pip-build-*` file for another user.
OSV
CVE-2014-8991: pip 1
osv · 2014-11-24 · CVSS 2.1
CVE-2014-8991 [LOW]
pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.
No detection rules found.
No public exploits indexed.
http://www.openwall.com/lists/oss-security/2014/11/19/17
http://www.openwall.com/lists/oss-security/2014/11/20/6
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
http://www.securityfocus.com/bid/71209
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725847
https://github.com/pypa/pip/pull/2122
Published: 2014-11-24