Skip to main content

Htslib CVE-2017-1000206

CRITICAL
Buffer Overflow (CWE-119)
2017-11-17 cve@mitre.org
9.8
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Nov 17, 2017 - 15:29 cve.org
CRITICAL 9.8

DescriptionCVE.org

samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution

AnalysisAI

samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in potential arbitrary code execution Affected products include: Htslib. Version information: version 1.4.0.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

More in Htslib

View all
CVE-2018-13843 HIGH POC
7.5 Jul 10

An issue has been found in HTSlib 1.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no au

CVE-2018-13845 CRITICAL
9.8 Jul 10

An issue has been found in HTSlib 1.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, n

CVE-2026-31963 HIGH
8.8 Mar 18

HTSlib contains a heap buffer overflow vulnerability in its CRAM decoder caused by an out-by-one error when validating f

CVE-2026-31962 HIGH
8.8 Mar 18

HTSlib versions prior to 1.23.1, 1.22.2, and 1.21.1 contain a heap buffer overflow vulnerability in the cram_decode_seq(

CVE-2026-31968 HIGH
8.8 Mar 18

HTSlib contains a buffer overflow vulnerability in its CRAM format decoder affecting the VARINT and CONST encoding handl

CVE-2018-14329 MEDIUM POC
4.7 Jul 17

In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink att

CVE-2018-13844 HIGH
7.5 Jul 10

An issue has been found in HTSlib 1.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no au

CVE-2026-31971 HIGH
7.1 Mar 18

HTSlib, a widely-used bioinformatics library for reading and writing sequence alignment formats, contains a critical buf

CVE-2026-31969 HIGH
7.1 Mar 18

HTSlib versions prior to 1.21.1, 1.22.2, and 1.23.1 contain an out-by-one error in the CRAM decoder's `cram_byte_array_s

CVE-2026-31970 HIGH
7.1 Mar 18

HTSlib versions prior to 1.23.1, 1.22.2, and 1.21.1 contain a heap buffer overflow vulnerability in the GZI index loadin

CVE-2026-31964 MEDIUM
6.9 Mar 18

HTSlib, a bioinformatics library for reading and writing sequence alignment formats, contains a null pointer dereference

CVE-2026-31965 MEDIUM
6.9 Mar 18

HTSlib contains an out-of-bounds read vulnerability in the cram_decode_slice() function that fails to validate the refer

Share

CVE-2017-1000206 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy