CVE-2026-31973
Received Received - Intake
NULL Pointer Dereference in SAMtools CRAM-Size Command Causes Crash

Publication date: 2026-03-18

Last updated on: 2026-03-19

Assigner: GitHub, Inc.

Description
SAMtools is a program for reading, manipulating and writing bioinformatics file formats. Starting in version 1.17, in the cram-size command, used to write information about how well CRAM files are compressed, a check to see if the `cram_decode_compression_header()` was missing. If the function returned an error, this could lead to a NULL pointer dereference. Exploiting this bug causes a NULL pointer dereference. Typically this will cause the program to crash. Versions 1.23.1, 1.22.2 and 1.21.1 include fixes for this issue. There is no workaround for this issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-18
Last Modified
2026-03-19
Generated
2026-06-16
AI Q&A
2026-03-18
EPSS Evaluated
2026-06-14
NVD
CVE-2026-31973
EUVD
EUVD-2026-12958
Affected Vendors & Products
Showing 3 associated CPEs
Vendor Product Version / Range
samtools samtools From 1.17 (inc) to 1.21.1 (inc)
samtools samtools From 1.22 (inc) to 1.22.2 (exc)
samtools samtools 1.23
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Mitigation Strategies

The primary mitigation step is to upgrade samtools to a fixed version. Versions 1.21.1, 1.22.2, and 1.23.1 include patches that address this vulnerability.

  • Upgrade samtools to version 1.21.1 or later.
  • Avoid using vulnerable versions (>=1.17 up to 1.23) for processing CRAM files, especially with the cram-size command.

There are no known workarounds for this issue, so applying the patch is the only effective mitigation.

Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-31973 is a vulnerability in the samtools software, specifically in the "cram-size" command used to analyze compression efficiency of CRAM files. The issue occurs because the function cram_decode_compression_header() is not properly checked for errors. If this function returns an error (NULL), the program attempts to dereference a NULL pointer, which leads to a crash.'}, {'type': 'paragraph', 'content': 'This NULL pointer dereference happens when the program processes malformed or corrupted CRAM files, causing it to crash unexpectedly. The vulnerability affects samtools versions starting from 1.17 up to versions before the patched releases 1.21.1, 1.22.2, and 1.23.1.'}] [2, 1]

Impact Analysis

[{'type': 'paragraph', 'content': 'Exploiting this vulnerability causes the samtools program to crash due to a NULL pointer dereference. This results in a denial of service condition where the "cram-size" command cannot complete its operation.'}, {'type': 'paragraph', 'content': 'The impact on confidentiality is none, but there is a low impact on integrity and availability. Specifically, unauthorized modification is possible at a low level, and the program crash can disrupt availability of the service or tool relying on samtools.'}, {'type': 'paragraph', 'content': 'No privileges or user interaction are required to exploit this vulnerability, and it can be triggered remotely via network vectors.'}] [2]

Compliance Impact

I don't know

Detection Guidance

This vulnerability causes the samtools program to crash when the cram-size command processes malformed CRAM files due to a NULL pointer dereference. Detection can involve monitoring for unexpected crashes or error messages from samtools when running the cram-size command.

Specifically, running the following command on CRAM files might trigger the issue if the system is vulnerable:

  • samtools cram-size <file.cram>

If the program crashes or prints error messages related to decoding the compression header, it may indicate the presence of the vulnerability.

Additionally, monitoring system logs for samtools crashes or abnormal termination during CRAM file processing can help detect exploitation attempts.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-31973. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart