Vulnerabilities > CVE-2024-10372 - Insecure Temporary File vulnerability in Chidiwilliams Buzz 1.1.0

CVSS 3.6 - LOW

Attack vector

LOCAL

Attack complexity

HIGH

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

LOW

local

high complexity

chidiwilliams

CWE-377

NVD

Published: 2024-10-25

Updated: 2024-11-06

Summary

A vulnerability classified as problematic was found in chidiwilliams buzz 1.1.0. This vulnerability affects the function download_model of the file buzz/model_loader.py. The manipulation leads to insecure temporary file. It is possible to launch the attack on the local host. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Vulnerable Configurations

Part	Description	Count
Application	Chidiwilliams Chidiwilliams Buzz 1.1.0	1

Common Weakness Enumeration (CWE)

CWE-377 - Insecure Temporary File

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References