CVE-2022-40299
- Source
- https://cve.org/CVERecord?id=CVE-2022-40299
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-40299.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-40299
- Downstream
- Published
- 2022-09-09T01:15:07.853Z
- Modified
- 2026-03-02T01:36:06.382174Z
- Severity
-
- 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In Singular before 4.3.1, a predictable /tmp pathname is used (e.g., by sdb.cc), which allows local users to gain the privileges of other users via a procedure in a file under /tmp. NOTE: this CVE Record is about sdb.cc and similar files in the Singular interface that have predictable /tmp pathnames; this CVE Record is not about the lack of a safe temporary-file creation capability in the Singular language.
- References
-
- http://michael.orlitzky.com/cves/cve-2022-40299.xhtml
- https://github.com/Singular/Singular/commit/5f28fbf066626fa9c4a8f0e6408c0bb362fb386c
- https://github.com/Singular/Singular/issues/1137
- https://github.com/Singular/Singular/issues/1137
- https://github.com/Singular/Singular/commit/5f28fbf066626fa9c4a8f0e6408c0bb362fb386c
- https://github.com/Singular/Singular/issues/1137
- http://michael.orlitzky.com/cves/cve-2022-40299.xhtml
- https://github.com/Singular/Singular/issues/1137
Affected packages
Git / github.com/singular/singular
Affected ranges
- Type
- GIT
- Repo
- https://github.com/singular/singular
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed