Vulnerability Report: GO-2022-1045

CVE-2022-39237, GHSA-m5m3-46gj-wch8
Affects: github.com/sylabs/sif/v2
Published: Oct 21, 2022
Modified: Jun 12, 2023

The Singularity Image Format (SIF) reference implementation does not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures.

For detailed information about this vulnerability, visit https://github.com/sylabs/sif/security/advisories/GHSA-m5m3-46gj-wch8.

Affected Packages

Path

Versions

Symbols
github.com/sylabs/sif/v2/pkg/integrity

before v2.8.1
- Signer.Sign
- Verifier.Verify

Aliases

CVE-2022-39237
GHSA-m5m3-46gj-wch8

References

https://github.com/sylabs/sif/security/advisories/GHSA-m5m3-46gj-wch8
https://github.com/sylabs/sif/commit/07fb86029a12e3210f6131e065570124605daeaa
https://vuln.go.dev/ID/GO-2022-1045.json

Feedback

See anything missing or incorrect? Suggest an edit to this report.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL