PT-2024-36558 · Colpack+1

Wolfgang Frisch · Published 2024-12-09 · Updated 2024-12-17 · CVE-2024-55566

CVSS v3.1: 6.6 (Medium)
Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ColPack versions 1.0.10 through 9a7293a

Description

The issue is related to the creation of predictable temporary files in ColPack, located under /tmp with names derived from an unseeded Random Number Generator (RNG). This can lead to overwriting files or making ColPack graphing unavailable to other users.
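
The weakness class named in the description, as an added C example that is not ColPack's code: the `/tmp/example_graph_` file names and all function names are assumptions made for illustration. It contrasts a name built from unseeded `rand()` with `mkstemp()`, which chooses the name and creates the file atomically with owner-only permissions.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Weak pattern (illustrative): file name taken from rand() with no srand(). */
static void weak_tmp_name(char *buf, size_t len) {
    snprintf(buf, len, "/tmp/example_graph_%d.dot", rand());
}

/* C defines unseeded rand() as equivalent to srand(1), so resetting the seed
   to 1 models two separate process runs: both yield the same "random" name. */
int names_repeat_across_runs(void) {
    char a[64], b[64];
    srand(1); weak_tmp_name(a, sizeof a);
    srand(1); weak_tmp_name(b, sizeof b);
    return strcmp(a, b) == 0;
}

/* Hardened pattern: mkstemp() picks the name and creates the file atomically
   (O_CREAT|O_EXCL), so a pre-planted file or symlink is never opened. */
int safe_tmp_open(char *path, size_t len) {
    if ((size_t)snprintf(path, len, "/tmp/example_graph_XXXXXX") >= len) return -1;
    return mkstemp(path);
}

/* Returns 1 if the new file is a regular file with no group/other access and
   an exclusive create on the same, now existing, path fails with EEXIST. */
int safe_file_checks(void) {
    char path[64];
    struct stat st;
    int fd = safe_tmp_open(path, sizeof path);
    if (fd < 0) return 0;
    int ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode) && (st.st_mode & 077) == 0;
    int again = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    ok = ok && again == -1 && errno == EEXIST;
    if (again >= 0) close(again);
    close(fd); unlink(path);   /* remove the demo file */
    return ok;
}

int main(void) {
    printf("weak repeats=%d safe=%d\n", names_repeat_across_runs(), safe_file_checks());
    return 0;
}
```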

Recommendations

For ColPack versions 1.0.10 through 9a7293a, consider restricting access to the /tmp directory to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using ColPack graphing functionality that relies on temporary files in /tmp until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2024-55566

Affected Products

Colpack
Debian