CVE-2026-31965

HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the `cram_decode_slice()` function called while reading CRAM records, validation of the reference id field occurred too late, allowing two out of bounds reads to occur before the invalid data was detected. The bug does allow two values to be leaked to the caller, however as the function reports an error it may be difficult to exploit them. It is also possible that the program will crash due to trying to access invalid memory. Versions 1.23.1, 1.22.2 and 1.21.1 include fixes for this issue. There is no workaround for this issue.

CVSS v3 8.2 HIGH

8.2^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/samtools/htslib/commit/9cefb46453ad471e933b8212d4f45920524d3357	Patch
https://github.com/samtools/htslib/security/advisories/GHSA-mqm2-v645-3qhr	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:htslib:htslib::::::::
	cpe:2.3:a:htslib:htslib::::::::
	cpe:2.3:a:htslib:htslib:1.23:::::::*

History

No history.

Information

Published : 2026-03-18 19:16

Updated : 2026-03-19 14:47

NVD link : CVE-2026-31965

Mitre link : CVE-2026-31965

CVE.ORG link : CVE-2026-31965

JSON object : View

Products Affected

htslib

htslib

CWE

CWE-125

Out-of-bounds Read

CWE-129

Improper Validation of Array Index

{"id": "CVE-2026-31965", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.2, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 4.2, "exploitabilityScore": 3.9}], "cvssMetricV40": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 6.9, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "exploitMaturity": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "NONE", "vulnIntegrityImpact": "NONE", "integrityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "vulnAvailabilityImpact": "LOW", "availabilityRequirement": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "subConfidentialityImpact": "NONE", "vulnConfidentialityImpact": "LOW", "confidentialityRequirement": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED"}}]}, "published": "2026-03-18T19:16:04.823", "references": [{"url": "https://github.com/samtools/htslib/commit/9cefb46453ad471e933b8212d4f45920524d3357", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/samtools/htslib/security/advisories/GHSA-mqm2-v645-3qhr", "tags": ["Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-125"}, {"lang": "en", "value": "CWE-129"}]}], "descriptions": [{"lang": "en", "value": "HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the `cram_decode_slice()` function called while reading CRAM records, validation of the reference id field occurred too late, allowing two out of bounds reads to occur before the invalid data was detected. The bug does allow two values to be leaked to the caller, however as the function reports an error it may be difficult to exploit them. It is also possible that the program will crash due to trying to access invalid memory. Versions 1.23.1, 1.22.2 and 1.21.1 include fixes for this issue. There is no workaround for this issue."}, {"lang": "es", "value": "HTSlib es una biblioteca para leer y escribir formatos de archivo bioinform\u00e1ticos. CRAM es un formato comprimido que almacena datos de alineaci\u00f3n de secuencias de ADN. En la funci\u00f3n 'cram_decode_slice()' llamada al leer registros CRAM, la validaci\u00f3n del campo de ID de referencia ocurri\u00f3 demasiado tarde, permitiendo que ocurrieran dos lecturas fuera de l\u00edmites antes de que se detectaran los datos no v\u00e1lidos. El error permite que se filtren dos valores al llamador, sin embargo, como la funci\u00f3n informa un error, puede ser dif\u00edcil explotarlos. Tambi\u00e9n es posible que el programa falle debido a que intenta acceder a memoria no v\u00e1lida. Las versiones 1.23.1, 1.22.2 y 1.21.1 incluyen correcciones para este problema. No hay una soluci\u00f3n alternativa para este problema."}], "lastModified": "2026-03-19T14:47:35.917", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:htslib:htslib:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A069D6B6-FFF6-4DB7-9811-A568ECC4B288", "versionEndExcluding": "1.21.1"}, {"criteria": "cpe:2.3:a:htslib:htslib:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9D525C8-C8AD-4368-A396-EB4D9DA02B1C", "versionEndExcluding": "1.22.2", "versionStartIncluding": "1.22"}, {"criteria": "cpe:2.3:a:htslib:htslib:1.23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAA6BBB2-76F3-4372-9BAE-FDE157401EFD"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}