CVE-2026-31973
NULL Pointer Dereference in SAMtools CRAM-Size Command Causes Crash
Publication date: 2026-03-18
Last updated on: 2026-03-19
Assigner: GitHub, Inc.
Description
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| samtools | samtools | From 1.17 (inc) to 1.21.1 (inc) |
| samtools | samtools | From 1.22 (inc) to 1.22.2 (exc) |
| samtools | samtools | 1.23 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
AI Powered Q&A
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to upgrade samtools to a fixed version. Versions 1.21.1, 1.22.2, and 1.23.1 include patches that address this vulnerability.
- Upgrade samtools to version 1.21.1 or later.
- Avoid using vulnerable versions (>=1.17 up to 1.23) for processing CRAM files, especially with the cram-size command.
There are no known workarounds for this issue, so applying the patch is the only effective mitigation.
Can you explain this vulnerability to me?
CVE-2026-31973 is a vulnerability in the samtools software, specifically in the "cram-size" command used to analyze the compression efficiency of CRAM files. The issue occurs because the return value of the function cram_decode_compression_header() is not checked for errors. If this function returns an error (NULL), the program attempts to dereference a NULL pointer, which leads to a crash.

This NULL pointer dereference happens when the program processes malformed or corrupted CRAM files, causing it to crash unexpectedly. The vulnerability affects samtools versions starting from 1.17 up to versions before the patched releases 1.21.1, 1.22.2, and 1.23.1.
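As an added illustration (not code from samtools or htslib), a simplified C model of the defect described above: a decoder that returns NULL on malformed input, the unchecked caller that would crash, and the checked caller that reports the error instead. The record layout, function names and sample records are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a compression-header record: a 4-byte
 * little-endian payload length followed by the payload bytes.
 * This models the bug class only; it is not htslib's CRAM layout. */
typedef struct {
    uint32_t payload_len;
    const uint8_t *payload;
} comp_hdr_t;

/* Returns NULL when the buffer is malformed (too short or truncated),
 * the same way a real decoder signals an error with a NULL result. */
static comp_hdr_t *decode_comp_hdr(const uint8_t *buf, size_t len) {
    if (len < 4) return NULL;                     /* no length field */
    uint32_t n = buf[0] | (buf[1] << 8) | (buf[2] << 16) |
                 ((uint32_t)buf[3] << 24);
    if (n > len - 4) return NULL;                 /* truncated payload */
    comp_hdr_t *h = malloc(sizeof *h);
    if (!h) return NULL;
    h->payload_len = n;
    h->payload = buf + 4;
    return h;
}

/* Vulnerable pattern (CWE-476): the result is used without a NULL
 * check, so a malformed record dereferences NULL and crashes. */
static size_t cram_size_unchecked(const uint8_t *buf, size_t len) {
    comp_hdr_t *h = decode_comp_hdr(buf, len);
    size_t n = h->payload_len;                    /* crash if h == NULL */
    free(h);
    return n;
}

/* Hardened pattern: check the result, report, and return an error
 * code (-1) instead of dereferencing NULL. */
static long cram_size_checked(const uint8_t *buf, size_t len) {
    comp_hdr_t *h = decode_comp_hdr(buf, len);
    if (!h) {
        fprintf(stderr, "cram-size: failed to decode compression header\n");
        return -1;
    }
    long n = (long)h->payload_len;
    free(h);
    return n;
}

/* Constructed sample records: one well-formed, one truncated. */
static const uint8_t good_rec[] = {3, 0, 0, 0, 'a', 'b', 'c'};
static const uint8_t bad_rec[]  = {9, 0, 0, 0, 'a'};   /* claims 9, has 1 */
```

Calling cram_size_unchecked() on bad_rec reproduces the crash class the advisory describes; cram_size_checked() returns -1 for it and 3 for good_rec.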
How can this vulnerability impact me?
Exploiting this vulnerability causes the samtools program to crash due to a NULL pointer dereference. This results in a denial of service condition where the "cram-size" command cannot complete its operation.

The impact on confidentiality is none, but there is a low impact on integrity and availability. Specifically, unauthorized modification is possible at a low level, and the program crash can disrupt availability of the service or tool relying on samtools.

No privileges or user interaction are required to exploit this vulnerability, and it can be triggered remotely via network vectors.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability causes the samtools program to crash when the cram-size command processes malformed CRAM files due to a NULL pointer dereference. Detection can involve monitoring for unexpected crashes or error messages from samtools when running the cram-size command.
Specifically, running the following command on CRAM files might trigger the issue if the system is vulnerable:
- samtools cram-size <file.cram>
If the program crashes or prints error messages related to decoding the compression header, it may indicate the presence of the vulnerability.
Additionally, monitoring system logs for samtools crashes or abnormal termination during CRAM file processing can help detect exploitation attempts.