CVE-2026-31967
Out-of-Bounds Read in HTSlib CRAM Causes Info Leak, Crash

Publication date: 2026-03-18

Last updated on: 2026-03-19

Assigner: GitHub, Inc.

Description
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the `cram_decode_slice()` function called while reading CRAM records, the value of the mate reference id field was not validated. Later use of this value, for example when converting the data to SAM format, could result in out-of-bounds array reads when looking up the corresponding reference name. If the array value obtained also happened to be a valid pointer, it would be interpreted as a string and an attempt would be made to write the data as part of the SAM record. This bug may allow information about program state to be leaked. It may also cause a program crash through an attempt to access invalid memory. Versions 1.23.1, 1.22.2 and 1.21.1 include fixes for this issue. There is no workaround for this issue.
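The defect class the description names (CWE-129 leading to CWE-125), as an added illustration in C that is not HTSlib's code: a mate reference id decoded from a record is used to index a reference-name table, with the unchecked lookup beside a checked one that rejects the record instead of reading past the table. The 4-byte record layout, the `ref_names` table and all function names are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Constructed reference-name table standing in for the SAM/CRAM header
   (illustrative; not HTSlib's own data structures). */
static const char *ref_names[] = { "chr1", "chr2", "chrM" };
#define N_REFS (sizeof(ref_names) / sizeof(ref_names[0]))

/* Decode a 32-bit little-endian mate reference id from a constructed record. */
static int32_t read_mate_ref_id(const uint8_t *rec) {
    return (int32_t)((uint32_t)rec[0] | (uint32_t)rec[1] << 8 |
                     (uint32_t)rec[2] << 16 | (uint32_t)rec[3] << 24);
}

/* Vulnerable pattern: the decoded id indexes the table with no check, so a
   crafted record reads past the end of ref_names (and whatever pointer-sized
   value sits there is then treated as a string). Only called with a valid id
   here, for contrast. */
static const char *rnext_unchecked(int32_t mate_ref_id) {
    if (mate_ref_id == -1) return "*";
    return ref_names[mate_ref_id];
}

/* Hardened pattern: validate against the header's reference count at decode
   time. Returns 0 and sets *out on success, -1 for any id outside [-1, n_refs). */
static int rnext_checked(int32_t mate_ref_id, size_t n_refs, const char **out) {
    if (mate_ref_id == -1) { *out = "*"; return 0; }   /* unmapped mate */
    if (mate_ref_id < 0 || (size_t)mate_ref_id >= n_refs) return -1;
    *out = ref_names[mate_ref_id];
    return 0;
}

/* Format the RNEXT field of one record; a record with an out-of-range id is
   rejected (-1) rather than emitting whatever memory the index pointed at. */
static int format_rnext(const uint8_t *rec, char *buf, size_t buflen) {
    const char *name;
    if (rnext_checked(read_mate_ref_id(rec), N_REFS, &name) != 0) return -1;
    snprintf(buf, buflen, "%s", name);
    return 0;
}

int main(void) {
    /* Constructed records: mate id 1 (valid), -1 (unmapped) and 7 (out of range). */
    const uint8_t good[4] = {1, 0, 0, 0}, unm[4] = {0xff, 0xff, 0xff, 0xff}, bad[4] = {7, 0, 0, 0};
    char out[16];
    printf("%d %s\n", format_rnext(good, out, sizeof out), out);  /* 0 chr2 */
    printf("%d %s\n", format_rnext(unm, out, sizeof out), out);   /* 0 * */
    printf("%d (unchecked would index ref_names[7])\n", format_rnext(bad, out, sizeof out)); /* -1 */
    printf("%s\n", rnext_unchecked(0));                           /* chr1 */
    return 0;
}
```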
Meta Information
Published: 2026-03-18
Last Modified: 2026-03-19
Generated: 2026-05-07
AI Q&A: 2026-03-18
EPSS Evaluated: 2026-05-05
Affected Vendors & Products
Vendor   Product   Version / Range
htslib   htslib    up to 1.21.1 (exc)
htslib   htslib    from 1.22 (inc) to 1.22.2 (exc)
htslib   htslib    1.23
CWE ID    Description
CWE-125   The product reads data past the end, or before the beginning, of the intended buffer.
CWE-129   The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-31967 is a vulnerability in HTSlib, a bioinformatics library used for reading and writing DNA sequence alignment file formats. The issue occurs in the function `cram_decode_slice()` when reading CRAM records, where the 'mate reference id' field is not properly validated.

Because this value is not checked, it can cause out-of-bounds array reads when the program tries to look up the corresponding reference name during conversion to SAM format. If the out-of-bounds value points to valid memory, it may be interpreted as a string and written into the SAM record unintentionally.

This can lead to leakage of program state information or cause the program to crash due to invalid memory access. [1]


How can this vulnerability impact me?

This vulnerability can impact you by potentially leaking sensitive information about the program's internal state through unintended data disclosure.

Additionally, it may cause the program using HTSlib to crash due to attempts to access invalid memory, which can disrupt normal operations.

The vulnerability can be exploited remotely without any privileges or user interaction, making it easier for attackers to cause these impacts. [1]


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should upgrade HTSlib to a fixed version. The versions that include fixes are 1.21.1, 1.22.2, and 1.23.1.

There are no known workarounds for this issue, so applying the update is the only effective immediate step.

