Lucene search

[email protected]CVE-2019-6446

HistoryJan 16, 2019 - 5:29 a.m.

CVE-2019-6446

2019-01-1605:29:00

CWE-502

[email protected]

web.nvd.nist.gov

701

numpy

cve-2019-6446

code execution

remote attack

python

serialization

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.066 Low

EPSS

Percentile

93.7%

JSON

An issue was discovered in NumPy 1.16.0 and earlier. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties dispute this issue because it is a behavior that might have legitimate applications in (for example) loading serialized Python object arrays from trusted and authenticated sources

CPENameOperatorVersion
numpy:numpynumpyle1.16.0
fedoraproject:fedorafedoraproject fedoraeq30

CPE	Name	Operator	Version
numpy:numpy	numpy	le	1.16.0
fedoraproject:fedora	fedoraproject fedora	eq	30

References

lists.opensuse.org/opensuse-security-announce/2019-09/msg00091.html

lists.opensuse.org/opensuse-security-announce/2019-09/msg00092.html

lists.opensuse.org/opensuse-security-announce/2019-10/msg00015.html

www.securityfocus.com/bid/106670

access.redhat.com/errata/RHSA-2019:3335

access.redhat.com/errata/RHSA-2019:3704

bugzilla.suse.com/show_bug.cgi?id=1122208

github.com/numpy/numpy/issues/12759

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7ZZAYIQNUUYXGMKHSPEEXS4TRYFOUYE4/

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.066 Low

EPSS

Percentile

93.7%

JSON

Related for CVE-2019-6446

suse4 nessus25 openvas14 almalinux2 osv5 ubuntucve1 checkpoint_advisories1 veracode1 debiancve1 redhat2 prion1 rocky2 github1 fedora1 redhatcve1 oraclelinux2 mageia1 lenovo2