CVE-2022-39237

Publication date 6 October 2022

Last updated 24 June 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

6.3 · Medium

Score breakdown

syslabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1the `github.com/sylabs/sif/v2/pkg/integrity` package did not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. A patch is available in version >= v2.8.1 of the module. Users are encouraged to upgrade. Users unable to upgrade may independently validate that the hash algorithm(s) used for metadata digest(s) and signature hash are cryptographically secure.

Read the notes from the security team

Status

Package Ubuntu Release Status
golang-github-sylabs-sif 25.04 plucky
Not affected
24.10 oracular
Not affected
24.04 LTS noble
Not affected
23.10 mantic Ignored end of life, was needs-triage
23.04 lunar Ignored end of life, was needs-triage
22.10 kinetic Ignored end of life, was needs-triage
22.04 LTS jammy
Vulnerable
20.04 LTS focal
Vulnerable
18.04 LTS bionic Not in release
16.04 LTS xenial Ignored end of standard support
14.04 LTS trusty Ignored end of standard support
singularity-container 25.04 plucky
Needs evaluation
24.10 oracular Ignored end of life, was needs-triage
24.04 LTS noble
Needs evaluation
22.04 LTS jammy Not in release
20.04 LTS focal Not in release
18.04 LTS bionic
Needs evaluation
16.04 LTS xenial Ignored end of standard support
14.04 LTS trusty Ignored end of standard support

Notes

allenpthuang

singularity-container vendors golang-github-sylabs-sif

Severity score breakdown

Parameter Value
Base score 6.3 · Medium
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality Low
Integrity impact Low
Availability impact Low
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L