CVE-2013-4251

7.8 HIGH

📋 TL;DR

CVE-2013-4251 is a privilege escalation vulnerability in SciPy's scipy.weave component that creates temporary directories with insecure permissions. This allows local attackers to write arbitrary files to system locations, potentially leading to code execution. Affects users of SciPy versions before 0.12.1 who use the weave functionality.

💻 Affected Systems

Products:
  • SciPy
Versions: All versions before 0.12.1
Operating Systems: Linux, Unix-like systems, Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems where scipy.weave functionality is used; not all SciPy installations may be vulnerable if weave is not invoked.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Local privilege escalation to root/system-level access through arbitrary file writes, potentially leading to complete system compromise.

🟠 Likely Case

Local user gains elevated privileges to execute arbitrary code in the context of the SciPy process owner.

🟢 If Mitigated

Limited impact if proper file system permissions and user isolation are implemented; attacker confined to user-level access.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to the system.
🏢 Internal Only: MEDIUM - Internal users with local access could exploit this to gain elevated privileges on affected systems.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to the system and knowledge of temporary directory creation patterns. Proof-of-concept code has been discussed in security advisories.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: SciPy 0.12.1 and later

Vendor Advisory: https://access.redhat.com/security/cve/cve-2013-4251

Restart Required: No

Instructions:

1. Upgrade SciPy to version 0.12.1 or later using your package manager (pip install --upgrade "scipy>=0.12.1"; the quotes stop the shell from treating >= as an output redirection).
2. Verify the upgrade completed successfully.
3. No restart required, but affected Python processes should be restarted.

🔧 Temporary Workarounds

Disable scipy.weave functionality

Platform: all

Prevent use of the vulnerable weave component by disabling it or removing permissions.

# Remove weave module: rm -rf /path/to/scipy/weave
# Or set restrictive permissions: chmod 000 /path/to/scipy/weave

Use secure temporary directory

Platform: linux

Set TMPDIR environment variable to a secure, user-owned directory with proper permissions.

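# mktemp -d creates a new, unpredictably named directory with mode 0700, owned by the caller,
# so another local user cannot pre-create it under the world-writable /tmp
TMPDIR="$(mktemp -d "/tmp/secure_${USER}.XXXXXX")" && export TMPDIR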
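
One way to confirm that the directory TMPDIR points at really is private before a Python process uses it. This is an added example, not code from SciPy or from the advisory; the function names audit_tmpdir and private_tmpdir are hypothetical, and it assumes a POSIX system.

```python
import os
import stat
import tempfile


def audit_tmpdir(path):
    """Return a list of reasons why `path` is unsafe as a private temp dir."""
    try:
        st = os.lstat(path)  # lstat: inspect the entry itself, never a link target
    except FileNotFoundError:
        return ["does not exist"]
    if stat.S_ISLNK(st.st_mode):
        return ["is a symbolic link"]
    if not stat.S_ISDIR(st.st_mode):
        return ["is not a directory"]
    problems = []
    if st.st_uid != os.geteuid():
        problems.append("owned by uid %d, not the current user" % st.st_uid)
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        problems.append("writable by group or others (mode %o)"
                        % stat.S_IMODE(st.st_mode))
    return problems


def private_tmpdir(prefix="secure_"):
    """Create a fresh directory (mode 0700, random suffix) and audit it."""
    path = tempfile.mkdtemp(prefix=prefix)
    problems = audit_tmpdir(path)
    if problems:
        raise RuntimeError("%s: %s" % (path, "; ".join(problems)))
    return path


if __name__ == "__main__":
    # Audit whatever the current environment would hand to temp-file users.
    target = os.environ.get("TMPDIR", tempfile.gettempdir())
    issues = audit_tmpdir(target)
    if issues:
        print("UNSAFE %s: %s" % (target, "; ".join(issues)))
    else:
        print("OK %s" % target)
```

Run against the default shared /tmp, the audit reports it as unsafe, which is expected: a world-writable directory is not a private one.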

🧯 If You Can't Patch

  • Implement strict file system permissions to limit user access to system directories.
  • Monitor for suspicious file creation in temporary directories and system locations.

🔍 How to Verify

Check if Vulnerable:

Check SciPy version: python -c "import scipy; print(scipy.__version__)" - if version is less than 0.12.1, system is vulnerable.

Check Version:

python -c "import scipy; print(scipy.__version__)"

Verify Fix Applied:

After upgrade, verify version is 0.12.1 or higher: python -c "import scipy; print(scipy.__version__)"

📡 Detection & Monitoring

Log Indicators:

  • Unusual file creation in system directories by Python/scipy processes
  • Permission denied errors in application logs related to temporary file access

Network Indicators:

  • None - this is a local vulnerability

SIEM Query:

Process creation events for python/scipy followed by file creation in system directories (e.g., /tmp, /var/tmp with insecure permissions)
