CVE-2021-29499

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-29499

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-29499.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-29499

Aliases

Related

Published

2021-05-07T21:15:07Z

Modified

2025-01-14T09:04:24.507932Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

SIF is an open source implementation of the Singularity Container Image Format. The siftool new command and func siftool.New() produce predictable UUID identifiers due to insecure randomness in the version of the github.com/satori/go.uuid module used as a dependency. A patch is available in version >= v1.2.3 of the module. Users are encouraged to upgrade. As a workaround, users passing CreateInfo struct should ensure the ID field is generated using a version of github.com/satori/go.uuid that is not vulnerable to this issue.

References

Affected packages

Debian:11 / golang-github-sylabs-sif

Package

Name: golang-github-sylabs-sif
Purl: pkg:deb/debian/golang-github-sylabs-sif?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.0.9-2.1

2.*

2.3.1-1

2.3.1-2

2.3.1-3

2.8.3-1

2.8.3-2

2.15.0-1

2.15.1-1

2.15.2-1

2.16.0-1

2.16.0-2

2.17.0-1

2.18.0-1

2.19.1-1

2.19.2-1

2.20.0-1

2.20.0-2

2.20.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / golang-github-sylabs-sif

Package

Name: golang-github-sylabs-sif
Purl: pkg:deb/debian/golang-github-sylabs-sif?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.3.1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / golang-github-sylabs-sif

Package

Name: golang-github-sylabs-sif
Purl: pkg:deb/debian/golang-github-sylabs-sif?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.3.1-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/sylabs/sif

Affected ranges

Type: GIT
Repo: https://github.com/sylabs/sif
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

193962882122abf85ff5f5bcc86404933e71c07d

Affected versions

v1.*

v1.0.0

v1.0.1

v1.0.10

v1.0.3

v1.0.3-beta.1

v1.0.4

v1.0.5

v1.0.6

v1.0.7

v1.0.8

v1.0.9

v1.1.0

v1.2.0

v1.2.1

v1.2.2