CVE-2022-40299

Source
https://nvd.nist.gov/vuln/detail/CVE-2022-40299
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-40299.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-40299
Published
2022-09-09T01:15:07Z
Modified
2025-10-21T07:15:28.907658Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

In Singular before 4.3.1, a predictable /tmp pathname is used (e.g., by sdb.cc), which allows local users to gain the privileges of other users via a procedure in a file under /tmp. NOTE: this CVE Record is about sdb.cc and similar files in the Singular interface that have predictable /tmp pathnames; this CVE Record is not about the lack of a safe temporary-file creation capability in the Singular language.

Affected packages

Git / github.com/singular/singular

Affected ranges

Type
GIT
Repo
https://github.com/singular/singular
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

Release-4-0-1
Release-4-0-3
Release-4-1-0
Release-4-1-1
Release-4-1-2
Release-4-1-3
Release-4-1-3p2
Release-4-2-0
Release-4-2-0p3
Release-4-2-1
Release-4-2-1p2
Release-4-2-1p3
Release-4-3-0

Singular_4.*

Singular_4.0.0

Database specific

vanir_signatures

[
    {
        "id": "CVE-2022-40299-3ff0cd8f",
        "source": "https://github.com/singular/singular/commit/5f28fbf066626fa9c4a8f0e6408c0bb362fb386c",
        "signature_version": "v1",
        "digest": {
            "line_hashes": [
            ],
            "threshold": 0.9
        },
        "target": {
            "file": "Singular/sdb.cc"
        },
        "signature_type": "Line",
        "deprecated": false
    },
    {
        "id": "CVE-2022-40299-e4898028",
        "source": "https://github.com/singular/singular/commit/5f28fbf066626fa9c4a8f0e6408c0bb362fb386c",
        "signature_version": "v1",
        "digest": {
            "length": 1791.0,
            "function_hash": "114821111135279572085003351201585718442"
        },
        "target": {
            "function": "sdb_edit",
            "file": "Singular/sdb.cc"
        },
        "signature_type": "Function",
        "deprecated": false
    }
]