CVE-2017-1000206
Published: 17 November 2017
samtools htslib library version 1.4.0 and earlier is vulnerable to a buffer overflow in the CRAM rANS codec, resulting in potential arbitrary code execution.
From the Ubuntu Security Team
It was discovered that HTSlib incorrectly handled certain data. An attacker could possibly use this issue to execute arbitrary code.
Priority
Status
Package | Release | Status |
---|---|---|
htslib (Launchpad, Ubuntu, Debian) | artful | Not vulnerable (1.5-1) |
| bionic | Not vulnerable |
| cosmic | Not vulnerable |
| disco | Not vulnerable |
| eoan | Not vulnerable |
| focal | Not vulnerable |
| groovy | Not vulnerable |
| hirsute | Not vulnerable |
| impish | Not vulnerable |
| jammy | Not vulnerable |
| trusty | Not vulnerable (code not present) |
| upstream | Released (1.4.1-1) |
| xenial | Released (1.2.1-2ubuntu1+esm1), available with Ubuntu Pro |
| zesty | Ignored (end of life) |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality impact | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |