Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Digital Signature Hash Algorithms Not Validated in sylabs/sif
Vulnerability Description
syslabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1the `github.com/sylabs/sif/v2/pkg/integrity` package did not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. A patch is available in version >= v2.8.1 of the module. Users are encouraged to upgrade. Users unable to upgrade may independently validate that the hash algorithm(s) used for metadata digest(s) and signature hash are cryptographically secure.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
密码学签名的验证不恰当
Vulnerability Title
Singularity Image Format 加密问题漏洞
Vulnerability Description
Singularity Image Format(SIF)是Singularity 团队(Singularity)的一个压缩的squashfs文件系统,它具有块的组织结构,包括元数据和用于容器的定义文件,首标,分区的内容,签名(如果存在的话),以及当然,二进制文件本身的容器。 Singularity Image Format 2.8.1之前的版本存在加密问题漏洞,该漏洞源于其位于“github.com/sylabs/sif/v2/pkg/integrity”包在验证数字签名时,不验证使用的哈希算法是安全的
CVSS Information
N/A
Vulnerability Type
N/A