SAMtools Use-After-Free Vulnerability in Mpileup Command
Vulnerability
A use-after-free vulnerability has been identified in SAMtools versions through 1.21, specifically within the mpileup command. This issue arises when reference data is discarded too early, leading to an attempt to read from a pointer to freed memory. Such behavior could potentially leak information about the program's state or cause a crash by accessing invalid memory.
Impact
Exploitation of this vulnerability may result in a program crash or the unintentional leakage of information regarding the program's state.
Reproduction
The vulnerability can be reproduced by running the SAMtools mpileup command with a specific reference file that causes the program to discard reference data prematurely. To test this, align DNA sequences in such a way that generating the mpileup output triggers the early discard, and run with AddressSanitizer active so that the resulting memory access error is caught.
Remediation
Users can upgrade to SAMtools versions 1.21.1 or 1.22 to address this vulnerability.
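To check whether an installed copy still falls in the affected range, the following added example (not part of the original advisory or the SAMtools project) classifies the output of `samtools --version` against the fixed versions named above. It assumes the first output line has the form "samtools X.Y[.Z]" and that releases after 1.22 carry the fix; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify a samtools version against the fixed releases
# named in the advisory (1.21.1 and 1.22). Helper names are hypothetical.

# Extract the version from the first line of `samtools --version` output,
# assumed to look like "samtools 1.21".
parse_samtools_version() {
    printf '%s\n' "$1" | sed -n '1s/^samtools \([0-9][0-9.]*\).*/\1/p'
}

# Return 0 if dotted version $1 >= $2. Components are compared numerically,
# so 1.9 sorts before 1.10, and a missing component counts as 0.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# Print "fixed", "affected" or "unknown" for `samtools --version` output $1.
# Assumption: every release from 1.21.1 onward contains the fix.
classify_samtools() {
    v=$(parse_samtools_version "$1")
    [ -n "$v" ] || { echo unknown; return 0; }
    if version_ge "$v" 1.21.1; then echo fixed; else echo affected; fi
}

# Constructed sample outputs (first line only), not captured from a real host.
for out in "samtools 1.9" "samtools 1.21" "samtools 1.21.1" "samtools 1.22"; do
    printf '%s -> %s\n' "$out" "$(classify_samtools "$out")"
done

# Classify the local installation, if one is on PATH.
if command -v samtools >/dev/null 2>&1; then
    printf 'installed -> %s\n' "$(classify_samtools "$(samtools --version 2>/dev/null)")"
fi
```

The check reads only the reported version string, so it cannot see a fix backported into a package that still reports 1.21 or earlier.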
