VYPR
Moderate severityNVD Advisory· Published Oct 6, 2022· Updated Apr 23, 2025

Digital Signature Hash Algorithms Not Validated in sylabs/sif

CVE-2022-39237

Description

syslabs/sif is the Singularity Image Format (SIF) reference implementation. In versions prior to 2.8.1the github.com/sylabs/sif/v2/pkg/integrity package did not verify that the hash algorithm(s) used are cryptographically secure when verifying digital signatures. A patch is available in version >= v2.8.1 of the module. Users are encouraged to upgrade. Users unable to upgrade may independently validate that the hash algorithm(s) used for metadata digest(s) and signature hash are cryptographically secure.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
github.com/sylabs/sif/v2Go
< 2.8.12.8.1

Affected products

5

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.