{"id":"CVE-2022-40299","details":"In Singular before 4.3.1, a predictable /tmp pathname is used (e.g., by sdb.cc), which allows local users to gain the privileges of other users via a procedure in a file under /tmp. NOTE: this CVE Record is about sdb.cc and similar files in the Singular interface that have predictable /tmp pathnames; this CVE Record is not about the lack of a safe temporary-file creation capability in the Singular language.","modified":"2026-04-12T06:21:03.946328Z","published":"2022-09-09T01:15:07.853Z","references":[{"type":"FIX","url":"https://github.com/Singular/Singular/commit/5f28fbf066626fa9c4a8f0e6408c0bb362fb386c"},{"type":"FIX","url":"https://github.com/Singular/Singular/issues/1137"},{"type":"EVIDENCE","url":"http://michael.orlitzky.com/cves/cve-2022-40299.xhtml"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/singular/singular","events":[{"introduced":"0"},{"fixed":"13640e8c400cbee504e7e26868152daf7c464261"},{"fixed":"5f28fbf066626fa9c4a8f0e6408c0bb362fb386c"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.3.1"}]}}],"versions":["Release-4-0-1","Release-4-0-3","Release-4-1-0","Release-4-1-1","Release-4-1-2","Release-4-1-3","Release-4-1-3p2","Release-4-2-0","Release-4-2-0p3","Release-4-2-1","Release-4-2-1p2","Release-4-2-1p3","Release-4-3-0","Singular_4.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-40299.json","vanir_signatures":[{"signature_version":"v1","id":"CVE-2022-40299-3ff0cd8f","digest":{"threshold":0.9,"line_hashes":["336616015184271254501051551652580085072","75362535325268405883621464774346182099","108986367454450343624501893043416868263","282707272906176314093859300969026707346","251284752867455529134511884068572617567","275654728254992105285983787957653634754","238132847906727940473762655194431086315","291142601170752000865568619945144223151","257147252469933190746265283289663815572","16292723413025234497925770177094127755","66247820525144916323282564894575125162","222389319279715565584203796930902857616","105286393784886811646875941450495514042","118367169046786033511155208456385538034","273098399418392854353612057544941737417","309180525377990575224136080683224255191","221084036385786789363191611105359057985","91918164028702314653635006944825535413","59736592108470350278983111832932962826","213126968046695627440784077876124657544","200881491716239658281600562416312969641","92020564254704346660754988526769170194","66784333954881154025497964596019160532","54916564348431170750748633319920718209","79340433934231444964798231065578391001","280179253910554460766002512474235421105","234730291652484617546521282183887693082"]},"deprecated":false,"source":"https://github.com/singular/singular/commit/5f28fbf066626fa9c4a8f0e6408c0bb362fb386c","signature_type":"Line","target":{"file":"Singular/sdb.cc"}},{"signature_version":"v1","id":"CVE-2022-40299-e4898028","digest":{"function_hash":"114821111135279572085003351201585718442","length":1791},"deprecated":false,"source":"https://github.com/singular/singular/commit/5f28fbf066626fa9c4a8f0e6408c0bb362fb386c","signature_type":"Function","target":{"function":"sdb_edit","file":"Singular/sdb.cc"}}],"vanir_signatures_modified":"2026-04-12T06:21:03Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}