HTSlib CRAM Reader Out-of-Bounds Read Vulnerability Allowing Data Leakage

Vulnerability

A vulnerability in HTSlib's CRAM reader can lead to an out-of-bounds read, allowing arbitrary data to be leaked. This issue arises from improper validation of feature data in CRAM files, which use reference-based compression to store DNA sequence alignment data. The flaw enables the `cram_decode_seq()` function to copy data from outside the bounds of the reference into output buffers, potentially disclosing information about the program's state or causing a crash by accessing invalid memory.
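As an added illustration of the class of check the flaw calls for (this is not HTSlib's code, and `ref_feature`, `copy_ref_bases` and `decode_from_features` are simplified stand-ins, not its API): each reference span a file-supplied feature requests is validated against the reference length and the output buffer before any bytes are copied, and the length check is written so an oversized length cannot wrap the arithmetic.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical, simplified feature: "take `len` bases from the reference
 * starting at 0-based position `ref_pos`". Both values come from the file. */
typedef struct { int64_t ref_pos; size_t len; } ref_feature;

/* Copy the requested span into `out`. Returns bytes copied, or -1 if the
 * feature would read outside the reference or write outside `out`.
 * Every check happens before the memcpy, so nothing is read on failure. */
int64_t copy_ref_bases(const char *ref, size_t ref_len,
                       int64_t ref_pos, size_t len,
                       char *out, size_t out_cap)
{
    if (!ref || !out) return -1;
    if (ref_pos < 0) return -1;                  /* before reference start */
    if ((uint64_t)ref_pos > ref_len) return -1;  /* start past reference end */
    /* Compare against the remaining span rather than computing
     * ref_pos + len, so a huge len cannot wrap and slip past the check. */
    if (len > ref_len - (size_t)ref_pos) return -1;
    if (len > out_cap) return -1;                /* output buffer too small */
    memcpy(out, ref + ref_pos, len);
    return (int64_t)len;
}

/* Build a sequence by applying features in order. Rejects the whole record
 * on the first invalid feature instead of emitting a partial, tainted one. */
int64_t decode_from_features(const char *ref, size_t ref_len,
                             const ref_feature *feats, size_t nfeat,
                             char *out, size_t out_cap)
{
    size_t written = 0;
    for (size_t i = 0; i < nfeat; i++) {
        int64_t n = copy_ref_bases(ref, ref_len, feats[i].ref_pos,
                                   feats[i].len, out + written,
                                   out_cap - written);
        if (n < 0) return -1;
        written += (size_t)n;
    }
    return (int64_t)written;
}

/* Constructed sample reference and scratch buffer for trying the checks. */
static const char DEMO_REF[] = "ACGTACGTAC";
#define DEMO_REF_LEN 10
static char demo_out[16];
```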

Impact

Exploitation of this vulnerability can result in unauthorized data leakage and may cause a program crash due to invalid memory access.

Remediation

Users can upgrade to HTSlib versions 1.21.1, 1.22.2, or 1.23.1 to address this vulnerability.

Added: Mar 18, 2026, 8:38 PM
Updated: Mar 18, 2026, 8:38 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 3.1
exploitability: 5.3
remediation: 7.7
relevance: 4.1
threat: 3.2
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.