Error Conditions, Return Values, Status Codes

CVE-2020-13846

High

7.5/10

Summary

Sylabs Singularity 3.5.0-rc1 through 3.5.3 fails to report an error in a Status Code.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: NONE
Availability Impact: NONE

CWE-389 - Error Conditions, Return Values, Status Codes

This category includes weaknesses that occur if a function does not generate the correct return/status code, or if the application does not handle all possible return/status codes that could be generated by a function. This type of problem is most often found in conditions that are rarely encountered during the normal operation of the product. Presumably, most bugs related to common conditions are found and eliminated during development and testing. In some cases, the attacker can directly control or influence the environment to trigger the rare conditions.

References

Advisory Timeline

Published Jul 14, 2020

Error Conditions, Return Values, Status Codes

CVE-2020-13846

Summary

CWE-389 - Error Conditions, Return Values, Status Codes

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS