Skip to main content

Improper Validation of Integrity Check Value

CVE-2020-13845

Severity High
Score 7.5/10

Summary

Sylabs Singularity v3.0.0-alpha.1 through v3.6.0-rc.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature.

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • NONE

CWE-354 - Improper Validation of Integrity Check Value

The software does not validate or incorrectly validates the integrity check values or "checksums" of a message. This may prevent it from detecting if the data has been modified or corrupted in transmission.

Advisory Timeline

  • Published