CVE-2021-33027

NVD

https://nvd.nist.gov/vuln/detail/CVE-2021-33027

CWE

https://cwe.mitre.org/data/definitions/331.html

Sylabs Singularity Enterprise through 1.6.2 has Insufficient Entropy in a nonce.

Weakness

The product uses an algorithm or scheme that produces insufficient entropy, leaving patterns or clusters of values that are more likely to occur than others.

Affected Software

Name	Vendor	Start Version	End Version
Singularity	Sylabs	1.2.0 (including)	1.2.6 (excluding)
Singularity	Sylabs	1.3.0 (including)	1.3.4 (excluding)
Singularity	Sylabs	1.4.0 (including)	1.4.4 (excluding)
Singularity	Sylabs	1.5.0 (including)	1.5.4 (excluding)
Singularity	Sylabs	1.6.0 (including)	1.6.3 (excluding)
Singularity	Ubuntu	esm-apps/xenial	*
Singularity	Ubuntu	trusty	*
Singularity	Ubuntu	xenial	*

Potential Mitigations

https://cwe.mitre.org/data/definitions/59.html

References

https://medium.com/sylabs
https://support.sylabs.io/a/solutions/articles/42000086439

Insufficient Entropy

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References