2 matches found
Improper Verification Of Cryptographic Signatures
sylabs sif is vulnerable to a lack of cryptographic signature validations. The vulnerability exists due to the package not verifying the hash algorithm used is cryptographically secure when verifying digital signatures allowing an attacker to perform unauthorized actions...
CVE-2022-39237 Digital Signature Hash Algorithms Not Validated in sylabs/sif
syslabs/sif is the Singularity Image Format SIF reference implementation. In versions prior to 2.8.1the github.com/sylabs/sif/v2/pkg/integrity package did not verify that the hash algorithms used are cryptographically secure when verifying digital signatures. A patch is available in version =...