CVE-2020-13845
PUBLISHED
Sylabs Singularity 3.0 through 3.5 has Improper Validation of an Integrity Check Value. Image integrity is not validated when an ECL policy is enforced. The fingerprint required by the ECL is compared against the signature object descriptor(s) in the SIF file, rather than to a cryptographically validated signature.
EPSS 0.08% · 23.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:24.04:LTS | singularity-container | 0, 4.1.1+ds2-1, 4.1.1+ds2-1build1 |
| Ubuntu:Pro:18.04:LTS | singularity-container | 2.4.2-2, 2.4.2-4, 2.4.2-4ubuntu0.1~esm1 |
| Ubuntu:25.10 | singularity-container | 0, 4.1.5+ds4-1 |
Timeline
- Jul 14, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 2, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-13845 third-party-advisory
- https://github.com/hpcng/singularity/security/advisories/GHSA-pmfr-63c2-jr5c third-party-advisory
- https://medium.com/sylabs third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-13845 third-party-advisory