HTSlib
cpe:2.3:a:htslib:htslib:*:*:*:*:*:*:*
- <= 1.21
- <= 1.22.1
- <= 1.23
A vulnerability in HTSlib's CRAM decoding code can lead to out-of-bounds reads. The mate reference ID field read from a CRAM record is not validated, so when the record is converted to SAM format the field is used as an array index without a bounds check, and an out-of-range value reads past the end of the array. If the value fetched by that read happens to be a valid pointer, the memory it points to is copied into the SAM record as a string, so the output can carry arbitrary process memory; otherwise the read typically crashes the program. The vulnerability affects HTSlib through 1.21, 1.22, 1.22.1 and 1.23 and is resolved in versions 1.21.1, 1.22.2 and 1.23.1.
Impact: out-of-bounds memory access while decoding attacker-supplied CRAM input, leading to a crash of the decoding process or disclosure of process memory through the generated SAM output. Any tool that converts untrusted CRAM files to SAM with an affected HTSlib version is exposed, so update to a fixed release or avoid decoding untrusted CRAM until then.
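As an added illustration (not HTSlib's code and not a reproduction of the exact affected function), the following C shows the class of bug the advisory describes: a mate reference ID taken straight from the file and used as an array index, beside a checked lookup that accepts only -1 (unmapped mate, rendered as `*` in SAM) or an index inside the reference table, and that emits `=` when the mate sits on the read's own reference. The reference names and record values are constructed for the example; `lookup_unchecked`, `lookup_checked`, `sam_rnext` and `rnext_demo` are names chosen here.

```c
#include <stdio.h>
#include <string.h>

/* Constructed reference table, standing in for the names a CRAM decoder
 * keeps while it converts records to SAM. */
static const char *const REFS[] = { "chr1", "chr2", "chrM" };
static const int NREF = (int)(sizeof(REFS) / sizeof(REFS[0]));

/* The unvalidated pattern the advisory describes: id comes from the file,
 * so refs[id] may read past the end of the array. If the garbage fetched
 * happens to be a readable pointer, whatever it points at is later copied
 * into the SAM record as a string; if not, the process crashes. Only ever
 * call this with an id you already know is in range. */
const char *lookup_unchecked(const char *const *refs, int id)
{
    return refs[id];
}

/* Hardened lookup: reject every id except -1 (unmapped, SAM "*") and
 * 0..nref-1 before touching the array. Returns 0 on success, -1 on error. */
int lookup_checked(const char *const *refs, int nref, int id, const char **out)
{
    if (id == -1) {
        *out = "*";
        return 0;
    }
    if (id < 0 || id >= nref)
        return -1;              /* out of range: refuse, do not index */
    *out = refs[id];
    return 0;
}

/* Build the SAM RNEXT column for a record from its own reference id and its
 * mate's reference id. Returns a static string ("=", "*" or a reference
 * name) or NULL if either id is outside the table. */
const char *sam_rnext(const char *const *refs, int nref, int ref_id,
                      int mate_ref_id)
{
    const char *name;
    if (ref_id < -1 || ref_id >= nref)
        return NULL;            /* the read's own id is file data too */
    if (mate_ref_id != -1 && mate_ref_id == ref_id)
        return "=";             /* mate on the same reference */
    if (lookup_checked(refs, nref, mate_ref_id, &name) < 0)
        return NULL;
    return name;
}

/* Convenience wrapper over the constructed table. */
const char *rnext_demo(int ref_id, int mate_ref_id)
{
    return sam_rnext(REFS, NREF, ref_id, mate_ref_id);
}

int main(void)
{
    /* Constructed records: {ref_id, mate_ref_id}; the last two carry the
     * kind of out-of-range mate id an untrusted CRAM file can supply. */
    const int records[][2] = { {0, 0}, {0, 1}, {0, -1}, {0, 3}, {1, 1000000} };
    size_t i;

    printf("unchecked lookup of a valid id: %s\n", lookup_unchecked(REFS, 1));
    for (i = 0; i < sizeof(records) / sizeof(records[0]); i++) {
        const char *r = rnext_demo(records[i][0], records[i][1]);
        printf("ref=%d mate=%d -> %s\n", records[i][0], records[i][1],
               r ? r : "REJECTED (mate reference id out of range)");
    }
    return 0;
}
```

The decisive line is the range check before `refs[id]`: the fix the advisory refers to is of this shape, validating the field against the number of references before it is used as an index, rather than trusting the file.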