PT-2022-25335 · Singular+2
Orlitzky · Published 2022-09-09 · Updated 2026-04-29 · CVE-2022-40299
CVSS v3.1: 7.8 High
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Singular versions prior to 4.3.1
Description
The issue is the use of predictable /tmp pathnames in files such as sdb.cc within the Singular interface. This predictability allows local users to gain the privileges of other users via a procedure in a file under /tmp. The problem specifically concerns how certain files in the Singular interface handle temporary files, not the lack of a safe temporary-file creation capability in the Singular language itself.
Recommendations
For versions prior to 4.3.1, update to version 4.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to files under /tmp that are used by the Singular interface, such as those accessed by sdb.cc, to minimize the risk of exploitation.
Exploit
Fix
Weakness Enumeration
Use of Insufficiently Random Values
Affected Products
Alt Linux
Debian
Singular