Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
1DescriptionNVD
An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c. NOTE: This has been disputed with the assertion that this vulnerability exists in the test harness and HTSlib users would be aware of the need to destruct this object returned by fai_load() in their own code
AnalysisAI
An issue has been found in HTSlib 1.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Memory Leak (CWE-401), which allows attackers to exhaust available memory leading to denial of service. An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c. NOTE: This has been disputed with the assertion that this vulnerability exists in the test harness and HTSlib users would be aware of the need to destruct this object returned by fai_load() in their own code Affected products include: Htslib.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Ensure all allocated memory is properly freed. Use RAII patterns or garbage-collected languages.
An issue has been found in HTSlib 1.8. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no au
samtools htslib library version 1.4.0 and earlier is vulnerable to buffer overflow in the CRAM rANS codec resulting in p
An issue has been found in HTSlib 1.8. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, n
HTSlib contains a heap buffer overflow vulnerability in its CRAM decoder caused by an out-by-one error when validating f
HTSlib versions prior to 1.23.1, 1.22.2, and 1.21.1 contain a heap buffer overflow vulnerability in the cram_decode_seq(
HTSlib contains a buffer overflow vulnerability in its CRAM format decoder affecting the VARINT and CONST encoding handl
In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink att
HTSlib, a widely-used bioinformatics library for reading and writing sequence alignment formats, contains a critical buf
HTSlib versions prior to 1.21.1, 1.22.2, and 1.23.1 contain an out-by-one error in the CRAM decoder's `cram_byte_array_s
HTSlib versions prior to 1.23.1, 1.22.2, and 1.21.1 contain a heap buffer overflow vulnerability in the GZI index loadin
HTSlib, a bioinformatics library for reading and writing sequence alignment formats, contains a null pointer dereference
HTSlib contains an out-of-bounds read vulnerability in the cram_decode_slice() function that fails to validate the refer
Same weakness CWE-401 – Memory Leak
View allSame technique Denial Of Service
View allShare
External POC / Exploit Code
Leaving vuln.today