Htslib
CVE-2018-13843
HIGH
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
An issue has been found in HTSlib 1.8. It is a memory leak in bgzf_getline in bgzf.c. NOTE: the software maintainer's position is that the "failure to free memory" can be fixed in applications that use the HTSlib library (such as test/test_bgzf.c in the original report) and is not a library issue
AnalysisAI
An issue has been found in HTSlib 1.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified under CWE-772. An issue has been found in HTSlib 1.8. It is a memory leak in bgzf_getline in bgzf.c. NOTE: the software maintainer's position is that the "failure to free memory" can be fixed in applications that use the HTSlib library (such as test/test_bgzf.c in the original report) and is not a library issue Affected products include: Htslib.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.
samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in p
An issue has been found in HTSlib 1.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, n
HTSlib contains a heap buffer overflow vulnerability in its CRAM decoder caused by an out-by-one error when validating f
HTSlib versions prior to 1.23.1, 1.22.2, and 1.21.1 contain a heap buffer overflow vulnerability in the cram_decode_seq(
HTSlib contains a buffer overflow vulnerability in its CRAM format decoder affecting the VARINT and CONST encoding handl
In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink att
An issue has been found in HTSlib 1.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no au
HTSlib, a widely-used bioinformatics library for reading and writing sequence alignment formats, contains a critical buf
HTSlib versions prior to 1.21.1, 1.22.2, and 1.23.1 contain an out-by-one error in the CRAM decoder's `cram_byte_array_s
HTSlib versions prior to 1.23.1, 1.22.2, and 1.21.1 contain a heap buffer overflow vulnerability in the GZI index loadin
HTSlib, a bioinformatics library for reading and writing sequence alignment formats, contains a null pointer dereference
HTSlib contains an out-of-bounds read vulnerability in the cram_decode_slice() function that fails to validate the refer
Same technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today