OESA-2022-1963
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1963
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2022-1963.json
- JSON Data
- https://api.osv.dev/v1/vulns/OESA-2022-1963
- Upstream
- Published
- 2022-09-23T11:04:22Z
- Modified
- 2025-09-03T06:17:09.783620Z
- Summary
- htslib security update
- Details
-
HTSlib is an implementation of a unified C library for accessing common file formats, such as SAM, CRAM and VCF, used for high-throughput sequencing data, and is the core library used by samtools and bcftools. HTSlib only depends on zlib. It is known to be compatible with gcc, g++ and clang. HTSlib implements a generalized BAM index, with file extension .csi ( coordinate-sorted index). The HTSlib file reader first looks for the new index and then for the old if the new index is absent.
Security Fix(es):
HTSlib through 1.10.2 allows out-of-bounds write access in vcfparseformat (called from vcfparse and vcfread).(CVE-2020-36403)
- Database specific
{ "severity": "High" }- References
Affected packages
openEuler:20.03-LTS-SP3 / htslib
Package
- Name
- htslib
- Purl
- pkg:rpm/openEuler/htslib&distro=openEuler-20.03-LTS-SP3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.11-1.oe1
Ecosystem specific
{
"x86_64": [
"htslib-devel-1.11-1.oe1.x86_64.rpm",
"htslib-debuginfo-1.11-1.oe1.x86_64.rpm",
"htslib-1.11-1.oe1.x86_64.rpm",
"htslib-tools-1.11-1.oe1.x86_64.rpm",
"htslib-debugsource-1.11-1.oe1.x86_64.rpm"
],
"aarch64": [
"htslib-devel-1.11-1.oe1.aarch64.rpm",
"htslib-debugsource-1.11-1.oe1.aarch64.rpm",
"htslib-1.11-1.oe1.aarch64.rpm",
"htslib-debuginfo-1.11-1.oe1.aarch64.rpm",
"htslib-tools-1.11-1.oe1.aarch64.rpm"
],
"src": [
"htslib-1.11-1.oe1.src.rpm"
]
}