UBUNTU-CVE-2020-13847

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2020-13847

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-13847.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2020-13847

Upstream

CVE-2020-13847

Published

2020-07-14T18:15:00Z

Modified

2025-09-08T16:46:09Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Ubuntu - medium

Summary

[none]

Details

Sylabs Singularity 3.0 through 3.5 lacks support for an Integrity Check. Singularity's sign and verify commands do not sign metadata found in the global header or data object descriptors of a SIF file.

References

Affected packages

Ubuntu:Pro:18.04:LTS / singularity-container

Package

Name: singularity-container
Purl: pkg:deb/ubuntu/singularity-container@2.4.2-4ubuntu0.1~esm1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.3.1-2

2.3.2-1

2.4.1-1

2.4.2-2

2.4.2-3

2.4.2-4

2.4.2-4ubuntu0.1~esm1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "2.4.2-4ubuntu0.1~esm1",
            "binary_name": "singularity-container"
        }
    ]
}

Ubuntu:24.04:LTS / singularity-container

Package

Name: singularity-container
Purl: pkg:deb/ubuntu/singularity-container@4.1.1+ds2-1ubuntu0.3?arch=source&distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.1.1+ds2-1

4.1.1+ds2-1build1

4.1.1+ds2-1ubuntu0.1

4.1.1+ds2-1ubuntu0.2

4.1.1+ds2-1ubuntu0.3

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "4.1.1+ds2-1ubuntu0.3",
            "binary_name": "golang-github-sylabs-singularity-dev"
        },
        {
            "binary_version": "4.1.1+ds2-1ubuntu0.3",
            "binary_name": "singularity-container"
        }
    ]
}

Ubuntu:25.04 / singularity-container

Package

Name: singularity-container
Purl: pkg:deb/ubuntu/singularity-container@4.1.5+ds4-1?arch=source&distro=plucky

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.1.2+ds1-1

4.1.5+ds4-1

Ecosystem specific

{
    "binaries": [
        {
            "binary_version": "4.1.5+ds4-1",
            "binary_name": "golang-github-sylabs-singularity-dev"
        },
        {
            "binary_version": "4.1.5+ds4-1",
            "binary_name": "singularity-container"
        }
    ]
}