CVE-2018-11099

Name of the Vulnerable Software and Affected Versions: VCFtools version 0.1.15

Description: The issue is related to a heap-based buffer over-read in the header::add INFO descriptor function, which can lead to information disclosure. This can be exploited by remote attackers using a crafted vcf file. The vulnerability is associated with reading data beyond the buffer boundaries, allowing unauthorized access to protected information.

Recommendations: For VCFtools version 0.1.15, consider disabling the header::add INFO descriptor function as a temporary workaround until a patch is available. Restrict access to the header.cpp file to minimize the risk of exploitation. Avoid using crafted vcf files that may trigger the buffer over-read issue until the vulnerability is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.