{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T19:21:00.357","vulnerabilities":[{"cve":{"id":"CVE-2026-31967","sourceIdentifier":"security-advisories@github.com","published":"2026-03-18T20:16:21.280","lastModified":"2026-03-19T14:36:34.813","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the `cram_decode_slice()` function called while reading CRAM records, the value of the mate reference id field was not validated. Later use of this value, for example when converting the data to SAM format, could result in the out of bounds array reads when looking up the corresponding reference name. If the array value obtained also happened to be a valid pointer, it would be interpreted as a string and an attempt would be made to write the data as part of the SAM record. This bug may allow information about program state to be leaked. It may also cause a program crash through an attempt to access invalid memory. Versions 1.23.1, 1.22.2 and 1.21.1 include fixes for this issue. There is no workaround for this issue."},{"lang":"es","value":"HTSlib es una biblioteca para leer y escribir formatos de archivo bioinformáticos. CRAM es un formato comprimido que almacena datos de alineación de secuencias de ADN. En la función 'cram_decode_slice()' llamada al leer registros CRAM, el valor del campo 'mate reference id' no fue validado. El uso posterior de este valor, por ejemplo al convertir los datos a formato SAM, podría resultar en lecturas de array fuera de límites al buscar el nombre de referencia correspondiente. Si el valor del array obtenido también resultara ser un puntero válido, sería interpretado como una cadena y se intentaría escribir los datos como parte del registro SAM. Este error podría permitir que se filtre información sobre el estado del programa. También podría causar un fallo del programa a través de un intento de acceder a memoria inválida. Las versiones 1.23.1, 1.22.2 y 1.21.1 incluyen correcciones para este problema. No hay solución alternativa para este problema."}],"metrics":{"cvssMetricV40":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"4.0","vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X","baseScore":6.9,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","attackRequirements":"NONE","privilegesRequired":"NONE","userInteraction":"NONE","vulnConfidentialityImpact":"LOW","vulnIntegrityImpact":"NONE","vulnAvailabilityImpact":"LOW","subConfidentialityImpact":"NONE","subIntegrityImpact":"NONE","subAvailabilityImpact":"NONE","exploitMaturity":"NOT_DEFINED","confidentialityRequirement":"NOT_DEFINED","integrityRequirement":"NOT_DEFINED","availabilityRequirement":"NOT_DEFINED","modifiedAttackVector":"NOT_DEFINED","modifiedAttackComplexity":"NOT_DEFINED","modifiedAttackRequirements":"NOT_DEFINED","modifiedPrivilegesRequired":"NOT_DEFINED","modifiedUserInteraction":"NOT_DEFINED","modifiedVulnConfidentialityImpact":"NOT_DEFINED","modifiedVulnIntegrityImpact":"NOT_DEFINED","modifiedVulnAvailabilityImpact":"NOT_DEFINED","modifiedSubConfidentialityImpact":"NOT_DEFINED","modifiedSubIntegrityImpact":"NOT_DEFINED","modifiedSubAvailabilityImpact":"NOT_DEFINED","Safety":"NOT_DEFINED","Automatable":"NOT_DEFINED","Recovery":"NOT_DEFINED","valueDensity":"NOT_DEFINED","vulnerabilityResponseEffort":"NOT_DEFINED","providerUrgency":"NOT_DEFINED"}}],"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H","baseScore":9.1,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.2}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-125"},{"lang":"en","value":"CWE-129"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:htslib:htslib:*:*:*:*:*:*:*:*","versionEndExcluding":"1.21.1","matchCriteriaId":"A069D6B6-FFF6-4DB7-9811-A568ECC4B288"},{"vulnerable":true,"criteria":"cpe:2.3:a:htslib:htslib:*:*:*:*:*:*:*:*","versionStartIncluding":"1.22","versionEndExcluding":"1.22.2","matchCriteriaId":"D9D525C8-C8AD-4368-A396-EB4D9DA02B1C"},{"vulnerable":true,"criteria":"cpe:2.3:a:htslib:htslib:1.23:*:*:*:*:*:*:*","matchCriteriaId":"AAA6BBB2-76F3-4372-9BAE-FDE157401EFD"}]}]}],"references":[{"url":"https://github.com/samtools/htslib/commit/9cefb46453ad471e933b8212d4f45920524d3357","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/samtools/htslib/security/advisories/GHSA-33x5-c6vj-8f2w","source":"security-advisories@github.com","tags":["Patch","Vendor Advisory"]}]}}]}