cbcvebase.
CVE-2014-8991
published 2014-11-24

CVE-2014-8991: pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.

PriorityP45low2.1CVSS 2.0
AVLACLAuNCNINAP
EPSS
0.39%
31.1th percentile
pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.

Affected

4 ranges
VendorProductVersion rangeFixed in
debianpython-pip< python-pip 1.5.6-4 (bookworm)python-pip 1.5.6-4 (bookworm)
oraclesolaris
pypapip>= 1.3 < 6.06.0
pypapip1.3 – 1.5.6

CVSS provenance

nvdv2.02.1LOWAV:L/AC:L/Au:N/C:N/I:N/A:P
osv2.1LOW
vendor_debian2.1LOW
vendor_redhat2.1LOW
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.