CVE-2026-31973

Published: Mar 18, 2026 Last Modified: Mar 18, 2026

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,9

Source: [email protected]

Attack Vector: network

Attack Complexity: low

Privileges Required: none

User Interaction: none

Confidentiality: N/A

Integrity: N/A

Availability: N/A

Description

AI Translation Available

SAMtools is a program for reading, manipulating and writing bioinformatics file formats. Starting in version 1.17, in the cram-size command, used to write information about how well CRAM files are compressed, a check to see if the `cram_decode_compression_header()` was missing. If the function returned an error, this could lead to a NULL pointer dereference. Exploiting this bug causes a NULL pointer dereference. Typically this will cause the program to crash. Versions 1.23.1, 1.22.2 and 1.21.1 include fixes for this issue. There is no workaround for this issue.

476

NULL Pointer Dereference

Stable

Abstraction: Base Structure: Simple

Common Consequences

Security Scopes Affected:

Availability Integrity Confidentiality

Potential Impacts:

Dos: Crash, Exit, Or Restart Execute Unauthorized Code Or Commands Read Memory Modify Memory

Applicable Platforms

Languages: C, C#, C++, Go, Java

Likelihood of Exploit: Medium

View CWE Details

https://github.com/samtools/samtools/commit/06fc2a219b3d7c9…

https://github.com/samtools/samtools/commit/06fc2a219b3d7c94d3f412c09f6d1efd511…

https://github.com/samtools/samtools/security/advisories/GH…

https://github.com/samtools/samtools/security/advisories/GHSA-x86f-q6fj-cm43

CVE-2026-31973

Description

NULL Pointer Dereference

Common Consequences

Applicable Platforms

Iscriviti alla newsletter