CVE-2026-31966

Severity: Medium (CVSS 4.0 base score 6.9)
EPSS: 40.1%
Published: Mar 18, 2026
Last Modified: Mar 19, 2026

Description

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. As one method of removing redundant data, CRAM uses reference-based compression so that instead of storing the full sequence for each alignment record it stores a location in an external reference sequence along with a list of differences to the reference at that location as a sequence of "features". When decoding CRAM records, the reference data is stored in a char array, and parts matching the alignment record sequence are copied over as necessary. Due to insufficient validation of the feature data series, it was possible to make the `cram_decode_seq()` function copy data from either before the start, or after the end of the stored reference either into the buffer used to store the output sequence for the cram record, or into the buffer used to build the SAM `MD` tag. This allowed arbitrary data to be leaked to the calling function. This bug may allow information about program state to be leaked. It may also cause a program crash through an attempt to access invalid memory. Versions 1.23.1, 1.22.2 and 1.21.1 include fixes for this issue. There is no workaround for this issue.
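The defect described above is a missing range check on where in the reference array a copy is allowed to start and how far it may run. The following C snippet is an added illustration, not HTSlib's own code and not its `cram_decode_seq()` implementation: the function names (`ref_span_in_bounds`, `copy_ref_span_checked`), the reference string and the buffer layout are all hypothetical. It shows the kind of validation that rejects a feature position before the start or a span that runs past the end of the stored reference before any bytes are copied into an output buffer, whether that buffer holds the decoded sequence or an `MD` tag under construction.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper (not HTSlib code): does [pos, pos + len) lie entirely
 * inside a reference of ref_len bytes? A negative pos means "before the
 * start"; len is compared against the space remaining after pos so that
 * pos + len cannot wrap around in unsigned arithmetic. */
int ref_span_in_bounds(size_t ref_len, int64_t pos, size_t len) {
    if (pos < 0) return 0;                      /* before the start */
    if ((uint64_t)pos > ref_len) return 0;      /* starts past the end */
    if (len > ref_len - (size_t)pos) return 0;  /* runs past the end */
    return 1;
}

/* Hypothetical checked copy (not HTSlib code): copy len reference bytes
 * starting at pos into out, which has out_cap bytes of capacity.
 * Returns the number of bytes copied, or -1 if the requested span is
 * outside the reference or would overflow the destination. Nothing is
 * read or written until both checks have passed. */
int64_t copy_ref_span_checked(const char *ref, size_t ref_len,
                              int64_t pos, size_t len,
                              char *out, size_t out_cap) {
    if (!ref_span_in_bounds(ref_len, pos, len)) return -1;
    if (len > out_cap) return -1;
    memcpy(out, ref + pos, len);
    return (int64_t)len;
}

/* Constructed demonstration: one in-range request and two that the
 * unchecked code path would have satisfied by reading outside the
 * reference. Returns the number of requests that were rejected (2). */
int demo_rejected_count(void) {
    const char ref[] = "ACGTACGTAC";     /* constructed 10-base reference */
    char seq[16];
    int rejected = 0;

    if (copy_ref_span_checked(ref, 10, 4, 4, seq, sizeof seq) < 0) rejected++;
    if (copy_ref_span_checked(ref, 10, -2, 4, seq, sizeof seq) < 0) rejected++;
    if (copy_ref_span_checked(ref, 10, 8, 4, seq, sizeof seq) < 0) rejected++;
    return rejected;
}
```

The check is deliberately split from the copy so it can be unit-tested on its own and reused for every destination buffer the decoder fills; the length test against the remaining space, rather than computing `pos + len`, is what keeps a large `len` from wrapping past the check.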

CVSS Details

Base Score
6.9
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X

Threat Intelligence

EPSS Exploit Probability
40.1% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Weaknesses 2

CWE-125 Out-of-bounds Read (Memory Safety)
CWE-129 Improper Validation of Array Index

Affected Products 3

Vendor   Product   Version   Range
htslib   htslib    *         <1.21.1
htslib   htslib    *         ≥1.22, <1.22.2
htslib   htslib    1.23      any

References 4

  • https://github.com/samtools/htslib/commit/22ec5230ef95769ab009420da69568c7e530af28 (Patch)
  • https://github.com/samtools/htslib/commit/2a45eb129d703ad27f9fabc8169f0e94d3c69fa3 (Patch)
  • https://github.com/samtools/htslib/commit/4a5ef25eb1fb3d64438103316fffe423b2c3f5f4 (Patch)
  • https://github.com/samtools/htslib/security/advisories/GHSA-5cj8-mj52-8vp3 (Patch, Vendor Advisory)

Remediation

  • https://github.com/samtools/htslib/commit/22ec5230ef95769ab009420da69568c7e530af28 (Patch)
  • https://github.com/samtools/htslib/commit/2a45eb129d703ad27f9fabc8169f0e94d3c69fa3 (Patch)
  • https://github.com/samtools/htslib/commit/4a5ef25eb1fb3d64438103316fffe423b2c3f5f4 (Patch)
  • https://github.com/samtools/htslib/security/advisories/GHSA-5cj8-mj52-8vp3 (Patch, Vendor Advisory)