PT-2026-26144 · Htslib · Htslib
Daviesrob
·
Published
2026-01-01
·
Updated
2026-03-18
·
CVE-2026-31968
CVSS v4.0
8.8
High
| Vector | AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N |
Name of the Vulnerable Software and Affected Versions
HTSlib versions prior to 1.23.1
HTSlib version 1.22.2
HTSlib version 1.21.1
Description
HTSlib is a library used for reading and writing bioinformatics file formats. A flaw exists in the handling of VARINT and CONST encodings within the CRAM compressed format. Insufficient validation of the encoding context can lead to heap or stack buffer overflows, potentially allowing arbitrary code execution. Specifically, up to eight bytes may be written beyond the allocated memory region, potentially overwriting adjacent variables or altering program control flow. Exploitation requires a specially crafted file.
Recommendations
Update HTSlib to version 1.23.1 or later.
Update HTSlib to version 1.22.2.
Update HTSlib to version 1.21.1.
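The description above boils down to a decoder trusting a width or length that came from the file and writing more bytes than the destination holds. The following is an added illustration written for this page, not HTSlib's own code and not a reproduction of the CRAM decoder: a hypothetical LEB128-style varint reader that refuses truncated or over-long input, and a fixed-width store that checks the destination size before copying the up-to-eight bytes a stream may declare. Function names, the sample byte strings and the error codes are all constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes for the hypothetical decoder (constructed for this example). */
enum { VAL_OK = 0, VAL_ERR_TRUNCATED = -1, VAL_ERR_TOO_LONG = -2, VAL_ERR_NO_SPACE = -3 };

/* Decode an unsigned LEB128-style varint from in[0..in_len).
   A 64-bit value needs at most 10 groups of 7 bits, so reading stops there;
   input that ends before the terminating byte is reported as truncated
   instead of being read past the end of the buffer. */
int decode_varint_u64(const uint8_t *in, size_t in_len, size_t *consumed, uint64_t *value)
{
    uint64_t v = 0;
    unsigned shift = 0;
    size_t i;
    for (i = 0; i < in_len && i < 10; i++) {
        v |= (uint64_t)(in[i] & 0x7f) << shift;
        if (!(in[i] & 0x80)) {          /* high bit clear: last byte */
            *consumed = i + 1;
            *value = v;
            return VAL_OK;
        }
        shift += 7;
    }
    return (i == 10) ? VAL_ERR_TOO_LONG : VAL_ERR_TRUNCATED;
}

/* Store `value` as `width` little-endian bytes at out[pos..].
   `width` is untrusted (it comes from the stream), so it is capped at 8 and
   checked against the space actually left in the destination before any
   byte is written. This check is the one whose absence gives an
   up-to-eight-byte overflow of the kind the advisory describes. */
int store_fixed_width(uint8_t *out, size_t out_len, size_t pos, uint64_t value, unsigned width)
{
    if (width == 0 || width > 8)
        return VAL_ERR_TOO_LONG;
    if (pos > out_len || width > out_len - pos)
        return VAL_ERR_NO_SPACE;
    for (unsigned i = 0; i < width; i++)
        out[pos + i] = (uint8_t)(value >> (8 * i));
    return VAL_OK;
}

/* Process one constructed record: a varint value followed by a one-byte
   declared width, written into a caller-supplied destination. Returns the
   first error hit, or VAL_OK. */
int process_record(const uint8_t *rec, size_t rec_len, uint8_t *dst, size_t dst_len)
{
    size_t used = 0;
    uint64_t value = 0;
    int rc = decode_varint_u64(rec, rec_len, &used, &value);
    if (rc != VAL_OK)
        return rc;
    if (used >= rec_len)             /* width byte missing */
        return VAL_ERR_TRUNCATED;
    return store_fixed_width(dst, dst_len, 0, value, rec[used]);
}

int main(void)
{
    /* Constructed sample: varint 624485 (0xE5 0x8E 0x26), then declared width. */
    const uint8_t ok_rec[]  = { 0xE5, 0x8E, 0x26, 4 };  /* width 4 fits a 4-byte dst */
    const uint8_t bad_rec[] = { 0xE5, 0x8E, 0x26, 8 };  /* width 8 does not */
    uint8_t dst[4] = { 0 };

    printf("ok_rec  -> %d\n", process_record(ok_rec, sizeof ok_rec, dst, sizeof dst));
    printf("bad_rec -> %d (refused, no out-of-bounds write)\n",
           process_record(bad_rec, sizeof bad_rec, dst, sizeof dst));
    return 0;
}
```

The point of the second check is that the destination size and the declared width are compared before the copy loop runs; a decoder that only validates the varint itself, but lets the width drive the write, is exactly the shape of bug the advisory classifies as a heap or stack based buffer overflow.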
Heap Based Buffer Overflow
Type Confusion
Stack Overflow
Memory Corruption
Related identifiers
Affected products
Htslib