CVE-2024-55566: ColPack 1.0.10 through 9a7293a has a predictable temporary file (located under /tmp with a name derived from an unseeded RNG). The impact can be...

6.6 CVSS

Description

ColPack 1.0.10 through 9a7293a has a predictable temporary file (located under /tmp with a name derived from an unseeded RNG). The impact can be overwriting files or making ColPack graphing unavailable to other users.

Classification

CVE ID: CVE-2024-55566

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.6

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 17.81% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://bugzilla.suse.com/show_bug.cgi?id=1225617
https://github.com/CSCsw/ColPack/blob/9a7293a8dfd66a60434496b8df5ebb4274d70339/src/Utilities/extra.cpp#L184-L190
https://cwe.mitre.org/data/definitions/335.html

Timeline

2024-12-10 00:31:53 UTC
CVE

ColPack 1.0.10 through 9a7293a has a predictable temporary file (located under /tmp with a name derived from an unseeded RNG). The impact can be...