CVE-2024-55566
6.6
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
Summary
ColPack 1.0.10 through 9a7293a has a predictable temporary file (located under /tmp with a name derived from an unseeded RNG). The impact can be overwriting files or making ColPack graphing unavailable to other users.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- CWE-335: CWE-335 Incorrect Usage of Seeds in Pseudo-Random Number Generator (PRNG)
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
- https://bugzilla.suse.com/show_bug.cgi?id=1225617
- https://github.com/CSCsw/ColPack/blob/9a7293a8dfd66a60434496b8df5ebb4274d70339/src/Utilities/extra.cpp#L184-L190
- https://cwe.mitre.org/data/definitions/335.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.