PT-2020-13728 · Sylabs+1 · Sylabs Singularity+1

Dtrudg +1 · Published 2020-07-14 · Updated 2024-06-15 · CVE-2020-13847

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

Sylabs Singularity versions 3.0 through 3.5

Description

Sylabs Singularity lacks support for an integrity check. Specifically, the sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file.

Recommendations

For versions 3.0 through 3.5, consider implementing additional integrity checks on SIF files to ensure their authenticity and integrity until a patch is available. As a temporary workaround, restrict the use of unverified SIF files to minimize the risk of exploitation.

Related Identifiers

CVE-2020-13847
GHSA-M7J2-9565-4H9V
OPENSUSE-SU-2020:1011-1
OPENSUSE-SU-2020:1037-1
OPENSUSE-SU-2020:1100-1
OPENSUSE-SU-2020_1011-1
OPENSUSE-SU-2020_1037-1
OPENSUSE-SU-2024:11384-1

Affected Products

Suse
Sylabs Singularity