#VU16969 Input validation error in Singularity - CVE-2018-19295

Cybersecurity Help s.r.o.

Published: 2019-01-14

Vulnerability identifier: #VU16969

Vulnerability risk: Low

CVSSv4.0: 0 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2018-19295

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Singularity
Universal components / Libraries / Libraries used by multiple products

Vendor: Singularity

Description

The vulnerability allows a local attacker to perform improper input validation attack.

The vulnerability exists due to insufficient validation of user-supplied input. A local attacker can supply specially crafted application and cause the service to crash or execute arbitrary code with elevated privileges.

Mitigation
Update to version 2.6.1.

Vulnerable software versions

Singularity: 2.4.0 - 2.6

External links
https://github.com/sylabs/singularity/releases/tag/2.6.1

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

OpenSUSE Linux update for singularity

Fedora 29 update for singularity