Improper validation of integrity check value in Singularity - CVE-2020-13847
Published: July 21, 2020
Vulnerability identifier: #VU31718
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-13847
CWE-ID: CWE-354
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Singularity
Affected software:
Singularity
Detailed vulnerability description
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists because Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file. A remote attacker can cause unexpected behavior.
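An added illustration of this class of flaw (CWE-354), not Singularity's code and not the real SIF layout: a toy container whose field names are constructed for the example, with HMAC-SHA256 standing in for the signature. It compares an integrity check over the data bytes alone with one that also covers the header and descriptor.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # stand-in for the signer's key (assumption)


def tag_data_only(image: dict, key: bytes = KEY) -> bytes:
    """Weak check: only the data object's bytes are authenticated."""
    return hmac.new(key, image["data"], hashlib.sha256).digest()


def tag_with_metadata(image: dict, key: bytes = KEY) -> bytes:
    """Stronger check: header and descriptor are authenticated with the data."""
    meta = json.dumps(
        {"header": image["header"], "descriptor": image["descriptor"]},
        sort_keys=True, separators=(",", ":"),
    ).encode()
    # Length prefix keeps the metadata/data boundary unambiguous.
    message = len(meta).to_bytes(8, "big") + meta + image["data"]
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(image: dict, tag: bytes, scheme) -> bool:
    """Recompute the tag under the given scheme and compare in constant time."""
    return hmac.compare_digest(scheme(image), tag)


def demo() -> dict:
    # Constructed sample image; field names are hypothetical, not SIF's.
    original = {
        "header": {"arch": "amd64", "created": 1595289600},
        "descriptor": {"name": "rootfs", "type": "partition", "primary": True},
        "data": b"filesystem-bytes",
    }
    weak_tag = tag_data_only(original)
    strong_tag = tag_with_metadata(original)

    # Same data bytes, different descriptor metadata.
    altered = dict(original, descriptor=dict(original["descriptor"], primary=False))

    return {
        "weak_accepts_original": verify(original, weak_tag, tag_data_only),
        "weak_accepts_altered": verify(altered, weak_tag, tag_data_only),
        "strong_accepts_original": verify(original, strong_tag, tag_with_metadata),
        "strong_accepts_altered": verify(altered, strong_tag, tag_with_metadata),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {accepted}")
```

The data-only scheme still verifies after the descriptor changes, while the scheme that covers the metadata rejects the altered image.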
How to mitigate CVE-2020-13847
Install updates from the vendor's website.