Main Vulnerability Database Vulnerabilities #VU31718

#VU31718 Improper validation of integrity check value in Singularity - CVE-2020-13847

Published: July 21, 2020

Vulnerability identifier: #VU31718

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-13847

CWE-ID: CWE-354

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Singularity

Software vendor:
Singularity

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file. A remote attacker can cause unexpected behavior.

Remediation

Install updates from vendor's website.

External links

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00046.html
https://github.com/hpcng/singularity/security/advisories/GHSA-m7j2-9565-4h9v
https://medium.com/sylabs