CVE-2022-39237

🗓️ 06 Oct 2022 18:16:00Reported by ubuntu.comType

ubuntucve

ubuntucve🔗 ubuntu.com👁 37 Views

Vulnerability in syslabs/sif module, prior to v2.8.1, allows unverified hash algorithms. Upgrade encouraged.

Reporter	Title	Published	Views	Family All 33
AlpineLinux	CVE-2022-39237	6 Oct 202200:00	–	alpinelinux
Circl	CVE-2022-39237	6 Oct 202222:17	–	circl
CNNVD	Singularity Image Format 加密问题漏洞	6 Oct 202200:00	–	cnnvd
CNVD	Singularity Image Format Encryption Problem Vulnerability	10 Oct 202200:00	–	cnvd
CVE	CVE-2022-39237	6 Oct 202200:00	–	cve
Cvelist	CVE-2022-39237 Digital Signature Hash Algorithms Not Validated in sylabs/sif	6 Oct 202200:00	–	cvelist
Debian CVE	CVE-2022-39237	6 Oct 202200:00	–	debiancve
EUVD	EUVD-2022-7123	3 Oct 202520:07	–	euvd
Tenable Nessus	GLSA-202210-19 : Apptainer: Lack of Digital Signature Hash Verification	31 Oct 202200:00	–	nessus
Tenable Nessus	openSUSE 15 Security Update : apptainer (openSUSE-SU-2023:0018-1)	16 Jan 202300:00	–	nessus

OS	OS Version	Architecture	Package	Package Version	Filename
Ubuntu	20.04	any	golang-github-sylabs-sif	0	golang-github-sylabs-sif_0_any.deb
Ubuntu	22.04	any	golang-github-sylabs-sif	0	golang-github-sylabs-sif_0_any.deb
Ubuntu	24.04	any	singularity-container	0	singularity-container_0_any.deb
Ubuntu	26.04	any	singularity-container	0	singularity-container_0_any.deb
Ubuntu	25.10	any	singularity-container	0	singularity-container_0_any.deb

Source	Link
github	www.github.com/sylabs/sif/security/advisories/GHSA-m5m3-46gj-wch8
github	www.github.com/sylabs/sif/commit/21972852d8783bc93fbf080190de8e1978f1c254%20(v2.8.1)
github	www.github.com/sylabs/sif/commit/a854038ce1f18237b81d505a1c3be6a60505db52%20(v2.8.1)
github	www.github.com/sylabs/sif/commit/07fb86029a12e3210f6131e065570124605daeaa
cve	www.cve.org/CVERecord

24 Jun 2025 14:58Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.16.3 - 9.8

EPSS0.00477

SSVC

cve-2022-39237 singularity image format sif hash algorithm digital signatures upgrade