CVE-2022-39237

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-39237

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-39237.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-39237

Aliases

Related

Published

2022-10-06T18:16:10Z

Modified

2024-09-11T04:54:35.191021Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

syslabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1the github.com/sylabs/sif/v2/pkg/integrity package did not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. A patch is available in version >= v2.8.1 of the module. Users are encouraged to upgrade. Users unable to upgrade may independently validate that the hash algorithm(s) used for metadata digest(s) and signature hash are cryptographically secure.

References

Affected packages

Debian:11 / golang-github-sylabs-sif

Package

Name: golang-github-sylabs-sif
Purl: pkg:deb/debian/golang-github-sylabs-sif?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.9-2.1

2.*

2.3.1-1

2.3.1-2

2.3.1-3

2.8.3-1

2.8.3-2

2.15.0-1

2.15.1-1

2.15.2-1

2.16.0-1

2.16.0-2

2.17.0-1

2.18.0-1

2.19.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / golang-github-sylabs-sif

Package

Name: golang-github-sylabs-sif
Purl: pkg:deb/debian/golang-github-sylabs-sif?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.8.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / golang-github-sylabs-sif

Package

Name: golang-github-sylabs-sif
Purl: pkg:deb/debian/golang-github-sylabs-sif?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.8.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/sylabs/sif

Affected ranges

Type: GIT
Repo: https://github.com/sylabs/sif
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

07fb86029a12e3210f6131e065570124605daeaa

Affected versions

v1.*

v1.0.0

v1.0.1

v1.0.10

v1.0.3

v1.0.3-beta.1

v1.0.4

v1.0.5

v1.0.6

v1.0.7

v1.0.8

v1.0.9

v1.1.0

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.2.4

v1.3.0

v1.4.0

v1.4.1

v2.*

v2.0.0

v2.0.0-alpha.1

v2.0.0-alpha.2

v2.0.0-alpha.3

v2.0.0-alpha.4

v2.0.0-alpha.5

v2.0.0-beta.1

v2.0.0-beta.2

v2.0.0-beta.3

v2.0.0-beta.4

v2.0.0-beta.5

v2.0.0-beta.6

v2.0.1

v2.1.0

v2.1.1

v2.2.0

v2.2.1

v2.2.2

v2.2.3

v2.3.0

v2.3.1

v2.3.2

v2.4.0

v2.4.1

v2.4.2

v2.5.0

v2.6.0

v2.7.0

v2.7.1

v2.7.2

v2.8.0