{"schema_version":"1.7.2","id":"OESA-2022-1963","modified":"2022-09-23T11:04:22Z","published":"2022-09-23T11:04:22Z","upstream":["CVE-2020-36403"],"summary":"htslib security update","details":"HTSlib is an implementation of a unified C library for accessing common file  formats, such as SAM, CRAM and VCF, used for high-throughput sequencing data,  and is the core library used by samtools and bcftools. HTSlib only depends on  zlib. It is known to be compatible with gcc, g++ and clang. HTSlib implements a generalized BAM index, with file extension .csi ( coordinate-sorted index). The HTSlib file reader first looks for the new index and then for the old if the new index is absent.\r\n\r\nSecurity Fix(es):\r\n\r\nHTSlib through 1.10.2 allows out-of-bounds write access in vcf_parse_format (called from vcf_parse and vcf_read).(CVE-2020-36403)","affected":[{"package":{"ecosystem":"openEuler:20.03-LTS-SP3","name":"htslib","purl":"pkg:rpm/openEuler/htslib\u0026distro=openEuler-20.03-LTS-SP3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.11-1.oe1"}]}],"ecosystem_specific":{"aarch64":["htslib-devel-1.11-1.oe1.aarch64.rpm","htslib-debugsource-1.11-1.oe1.aarch64.rpm","htslib-1.11-1.oe1.aarch64.rpm","htslib-debuginfo-1.11-1.oe1.aarch64.rpm","htslib-tools-1.11-1.oe1.aarch64.rpm"],"src":["htslib-1.11-1.oe1.src.rpm"],"x86_64":["htslib-devel-1.11-1.oe1.x86_64.rpm","htslib-debuginfo-1.11-1.oe1.x86_64.rpm","htslib-1.11-1.oe1.x86_64.rpm","htslib-tools-1.11-1.oe1.x86_64.rpm","htslib-debugsource-1.11-1.oe1.x86_64.rpm"]}}],"references":[{"type":"ADVISORY","url":"https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2022-1963"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-36403"}],"database_specific":{"severity":"High"}}