Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature.
Metrics
Affected Vendors & Products
Advisories
Source | ID | Title |
---|---|---|
![]() |
EUVD-2021-2562 | Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature. |
![]() |
GHSA-pmfr-63c2-jr5c | Execution Control List (ECL) Is Insecure in Singularity |
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
No history.

Status: PUBLISHED
Assigner: mitre
Published:
Updated: 2024-08-04T12:32:13.057Z
Reserved: 2020-06-04T00:00:00
Link: CVE-2020-13845

No data.

Status : Modified
Published: 2020-07-14T18:15:14.383
Modified: 2024-11-21T05:01:59.457
Link: CVE-2020-13845

No data.

No data.