Skip to main content

Use of Insufficiently Random Values


Severity High
Score 7.8/10


In Singular before 4.3.1, a predictable /tmp pathname is used (e.g., by, which allows local users to gain the privileges of other users via a procedure in a file under /tmp. NOTE: this CVE Record is about and similar files in the Singular interface that have predictable /tmp pathnames; this CVE Record is not about the lack of a safe temporary-file creation capability in the Singular language.

  • LOW
  • HIGH
  • NONE
  • LOW
  • HIGH
  • HIGH

CWE-330 - Use of Insufficiently Random Values

The software uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.


Advisory Timeline

  • Published