{
  "resultsPerPage": 1,
  "startIndex": 0,
  "totalResults": 1,
  "format": "NVD_CVE",
  "version": "2.0",
  "timestamp": "2026-04-28T22:29:33.818",
  "vulnerabilities": [
    {
      "cve": {
        "id": "CVE-2026-31970",
        "sourceIdentifier": "security-advisories@github.com",
        "published": "2026-03-18T20:16:21.980",
        "lastModified": "2026-03-19T13:59:29.387",
        "vulnStatus": "Analyzed",
        "cveTags": [],
        "descriptions": [
          {
            "lang": "en",
            "value": "HTSlib is a library for reading and writing bioinformatics file formats. GZI files are used to index block-compressed GZIP [BGZF] files.  In the GZI loading function, `bgzf_index_load_hfile()`, it was possible to trigger an integer overflow, leading to an under- or zero-sized buffer being allocated to store the index.  Sixteen zero bytes would then be written to this buffer, and, depending on the result of the overflow the rest of the file may also be loaded into the buffer as well.  If the function did attempt to load the data, it would eventually fail due to not reading the expected number of records, and then try to free the overflowed heap buffer. Exploiting this bug causes a heap buffer overflow. If a user opens a file crafted to exploit this issue, it could lead to the program crashing, or overwriting of data and heap structures in ways not expected by the program.  It may be possible to use this to obtain arbitrary code execution. Versions 1.23.1, 1.22.2 and 1.21.1 include fixes for this issue. The easiest work-around is to discard any `.gzi` index files from untrusted sources, and use the `bgzip -r` option to recreate them."
          },
          {
            "lang": "es",
            "value": "HTSlib es una biblioteca para leer y escribir formatos de archivo de bioinformática. Los archivos GZI se utilizan para indexar archivos GZIP [BGZF] comprimidos por bloques. En la función de carga GZI, `bgzf_index_load_hfile()`, fue posible activar un desbordamiento de entero, lo que llevó a la asignación de un búfer de tamaño insuficiente o cero para almacenar el índice. Luego se escribirían dieciséis bytes cero en este búfer y, dependiendo del resultado del desbordamiento, el resto del archivo también podría cargarse en el búfer. Si la función intentaba cargar los datos, eventualmente fallaría debido a que no leía el número esperado de registros, y luego intentaría liberar el búfer de pila desbordado. Explotar este error causa un desbordamiento de búfer de pila. Si un usuario abre un archivo diseñado para explotar este problema, podría provocar el bloqueo del programa o la sobrescritura de datos y estructuras de pila de formas no esperadas por el programa. Puede ser posible usar esto para obtener ejecución de código arbitrario. Las versiones 1.23.1, 1.22.2 y 1.21.1 incluyen correcciones para este problema. La solución alternativa más sencilla es descartar cualquier archivo de índice `.gzi` de fuentes no confiables y usar la opción `bgzip -r` para recrearlos."
          }
        ],
        "metrics": {
          "cvssMetricV40": [
            {
              "source": "security-advisories@github.com",
              "type": "Secondary",
              "cvssData": {
                "version": "4.0",
                "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
                "baseScore": 7.1,
                "baseSeverity": "HIGH",
                "attackVector": "NETWORK",
                "attackComplexity": "LOW",
                "attackRequirements": "NONE",
                "privilegesRequired": "NONE",
                "userInteraction": "PASSIVE",
                "vulnConfidentialityImpact": "NONE",
                "vulnIntegrityImpact": "HIGH",
                "vulnAvailabilityImpact": "LOW",
                "subConfidentialityImpact": "NONE",
                "subIntegrityImpact": "NONE",
                "subAvailabilityImpact": "NONE",
                "exploitMaturity": "NOT_DEFINED",
                "confidentialityRequirement": "NOT_DEFINED",
                "integrityRequirement": "NOT_DEFINED",
                "availabilityRequirement": "NOT_DEFINED",
                "modifiedAttackVector": "NOT_DEFINED",
                "modifiedAttackComplexity": "NOT_DEFINED",
                "modifiedAttackRequirements": "NOT_DEFINED",
                "modifiedPrivilegesRequired": "NOT_DEFINED",
                "modifiedUserInteraction": "NOT_DEFINED",
                "modifiedVulnConfidentialityImpact": "NOT_DEFINED",
                "modifiedVulnIntegrityImpact": "NOT_DEFINED",
                "modifiedVulnAvailabilityImpact": "NOT_DEFINED",
                "modifiedSubConfidentialityImpact": "NOT_DEFINED",
                "modifiedSubIntegrityImpact": "NOT_DEFINED",
                "modifiedSubAvailabilityImpact": "NOT_DEFINED",
                "Safety": "NOT_DEFINED",
                "Automatable": "NOT_DEFINED",
                "Recovery": "NOT_DEFINED",
                "valueDensity": "NOT_DEFINED",
                "vulnerabilityResponseEffort": "NOT_DEFINED",
                "providerUrgency": "NOT_DEFINED"
              }
            }
          ],
          "cvssMetricV31": [
            {
              "source": "nvd@nist.gov",
              "type": "Primary",
              "cvssData": {
                "version": "3.1",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H",
                "baseScore": 8.1,
                "baseSeverity": "HIGH",
                "attackVector": "NETWORK",
                "attackComplexity": "LOW",
                "privilegesRequired": "NONE",
                "userInteraction": "REQUIRED",
                "scope": "UNCHANGED",
                "confidentialityImpact": "NONE",
                "integrityImpact": "HIGH",
                "availabilityImpact": "HIGH"
              },
              "exploitabilityScore": 2.8,
              "impactScore": 5.2
            }
          ]
        },
        "weaknesses": [
          {
            "source": "security-advisories@github.com",
            "type": "Secondary",
            "description": [
              { "lang": "en", "value": "CWE-122" },
              { "lang": "en", "value": "CWE-131" },
              { "lang": "en", "value": "CWE-190" },
              { "lang": "en", "value": "CWE-787" },
              { "lang": "en", "value": "CWE-1284" }
            ]
          }
        ],
        "configurations": [
          {
            "nodes": [
              {
                "operator": "OR",
                "negate": false,
                "cpeMatch": [
                  {
                    "vulnerable": true,
                    "criteria": "cpe:2.3:a:htslib:htslib:*:*:*:*:*:*:*:*",
                    "versionEndExcluding": "1.21",
                    "matchCriteriaId": "CABE63DE-3B1C-4D14-9318-AB2A94625586"
                  },
                  {
                    "vulnerable": true,
                    "criteria": "cpe:2.3:a:htslib:htslib:*:*:*:*:*:*:*:*",
                    "versionStartIncluding": "1.22",
                    "versionEndExcluding": "1.22.2",
                    "matchCriteriaId": "D9D525C8-C8AD-4368-A396-EB4D9DA02B1C"
                  },
                  {
                    "vulnerable": true,
                    "criteria": "cpe:2.3:a:htslib:htslib:1.23:*:*:*:*:*:*:*",
                    "matchCriteriaId": "AAA6BBB2-76F3-4372-9BAE-FDE157401EFD"
                  }
                ]
              }
            ]
          }
        ],
        "references": [
          {
            "url": "https://github.com/samtools/htslib/commit/6dd0d7d0e9e7e2e173a28969e624db8bc8bb5828",
            "source": "security-advisories@github.com",
            "tags": ["Patch"]
          },
          {
            "url": "https://github.com/samtools/htslib/security/advisories/GHSA-p345-84hx-fq6q",
            "source": "security-advisories@github.com",
            "tags": ["Mitigation", "Patch", "Vendor Advisory"]
          },
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/03/18/9",
            "source": "af854a3a-2127-422b-91ae-364da2661108",
            "tags": ["Mailing List", "Third Party Advisory"]
          }
        ]
      }
    }
  ]
}