What is CVE-2019-6446?

CVE-2019-6446 is a vulnerability in N/a. Published 2019-01-16.

Is CVE-2019-6446 known to be exploited?

11 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2019-6446

An issue was discovered in NumPy before 1.16.3. It uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, as demonstrated by a numpy.load call. NOTE: third parties d…

EPSS: 0.715 (98.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

bugzilla.suse.com/show_bug.cgi
106670 (vdb-entry)
github.com/numpy/numpy/issues/12759
FEDORA-2019-1dfe95a864 (vendor-advisory)
openSUSE-SU-2019:2227 (vendor-advisory)
openSUSE-SU-2019:2225 (vendor-advisory)
openSUSE-SU-2019:2259 (vendor-advisory)
RHSA-2019:3335 (vendor-advisory)
RHSA-2019:3704 (vendor-advisory)
github.com/numpy/numpy/pull/13359

Frequently asked questions

What is CVE-2019-6446?: CVE-2019-6446 is a vulnerability in N/a. Published 2019-01-16.
Is CVE-2019-6446 known to be exploited?: 11 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.