PT-2026-26153 · Samtools · Samtools
Aviesrob · Published 2026-03-18 · Updated 2026-03-19
CVE-2026-31972
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SAMtools versions prior to 1.21.1
SAMtools versions prior to 1.22
Description
SAMtools is a program used for bioinformatics file manipulation. The mpileup command, which outputs aligned DNA sequences, contains a flaw where data may be prematurely discarded from memory. This can lead to attempts to read from freed memory, potentially leaking program state or causing a crash. The issue occurs due to incorrect memory management within the mpileup command.
Recommendations
Update to SAMtools version 1.21.1 or later.
Update to SAMtools version 1.22 or later.
Exploit
Fix
Use After Free
Weakness Enumeration
Related Identifiers
Affected Products
Samtools