Vulnerability Details : CVE-2022-40299
In Singular before 4.3.1, a predictable /tmp pathname is used (e.g., by sdb.cc), which allows local users to gain the privileges of other users via a procedure in a file under /tmp. NOTE: this CVE Record is about sdb.cc and similar files in the Singular interface that have predictable /tmp pathnames; this CVE Record is not about the lack of a safe temporary-file creation capability in the Singular language.
Products affected by CVE-2022-40299
- cpe:2.3:a:singular:singular:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-40299
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-40299
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2022-40299
-
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-40299
-
https://github.com/Singular/Singular/issues/1137
Insecure /tmp usage due to predictable paths · Issue #1137 · Singular/Singular · GitHubExploit;Issue Tracking;Patch;Third Party Advisory
-
http://michael.orlitzky.com/cves/cve-2022-40299.xhtml
Michael Orlitzky { Singular interface unsafe /tmp usage }Exploit;Third Party Advisory
-
https://github.com/Singular/Singular/commit/5f28fbf066626fa9c4a8f0e6408c0bb362fb386c
use mkstemp for sdb · Singular/Singular@5f28fbf · GitHubPatch;Third Party Advisory
Jump to