HTSlib 1.8

CPE Details

HTSlib 1.8
htslib
htslib
1.8
2019-08-12
12h57 +00:00
2019-08-12
12h57 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:htslib:htslib:1.8:*:*:*:*:*:*:*

Informations

Vendor

htslib

Product

htslib

Version

1.8

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2020-36403 2021-07-01 00h51 +00:00 HTSlib through 1.10.2 allows out-of-bounds write access in vcf_parse_format (called from vcf_parse and vcf_read).
8.8
Haute
CVE-2018-14329 2018-07-17 00h00 +00:00 In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack.
4.7
Moyen
CVE-2018-13843 2018-07-10 16h00 +00:00 An issue has been found in HTSlib 1.8. It is a memory leak in bgzf_getline in bgzf.c. NOTE: the software maintainer's position is that the "failure to free memory" can be fixed in applications that use the HTSlib library (such as test/test_bgzf.c in the original report) and is not a library issue
7.5
Haute
CVE-2018-13844 2018-07-10 16h00 +00:00 An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c. NOTE: This has been disputed with the assertion that this vulnerability exists in the test harness and HTSlib users would be aware of the need to destruct this object returned by fai_load() in their own code
7.5
Haute
CVE-2018-13845 2018-07-10 16h00 +00:00 An issue has been found in HTSlib 1.8. It is a buffer over-read in sam_parse1 in sam.c.
9.8
Critique
Les informations affichées sur CVE Find proviennent de plusieurs sources de référence rigoureusement sélectionnées. Les données CVE sont fournies par MITRE Corporation et la National Vulnerability Database (NVD). Le catalogue des vulnérabilités activement exploitées (KEV) provient de la Cybersecurity and Infrastructure Security Agency (CISA), tandis que les scores EPSS sont issus de FIRST.org. Enfin, les données relatives aux faiblesses logicielles (CWE) et aux schémas d'attaque courants (CAPEC) sont maintenues par MITRE Corporation, et les informations sur les configurations logicielles et matérielles (CPE) proviennent du NVD.