ubuntu-cve-2026-31972
Vulnerability from osv_ubuntu
Published
2026-03-18 21:16
Modified
2026-05-20 15:27
Summary
Details

SAMtools is a program for reading, manipulating and writing bioinformatics file formats. The mpileup command outputs DNA sequences that have been aligned against a known reference. On each output line it writes the reference position, optionally the reference DNA base at that position (obtained from a separate file) and all of the DNA bases that aligned to that position. As the output is ordered by position, reference data that is no longer needed is discarded once it has been printed out. Under certain conditions the data could be discarded too early, leading to an attempt to read from a pointer to freed memory. This bug may allow information about program state to be leaked. It may also cause a program crash through an attempt to access invalid memory. This bug is fixed in versions 1.21.1 and 1.22. There is no workaround for this issue.


{
  "affected": [
    {
      "ecosystem_specific": {
        "binaries": [
          {
            "binary_name": "samtools",
            "binary_version": "0.1.19-1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:14.04:LTS",
        "name": "samtools",
        "purl": "pkg:deb/ubuntu/samtools@0.1.19-1?arch=source\u0026distro=trusty"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.1.19-1"
      ]
    },
    {
      "ecosystem_specific": {
        "binaries": [
          {
            "binary_name": "samtools",
            "binary_version": "0.1.19-1ubuntu1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:16.04:LTS",
        "name": "samtools",
        "purl": "pkg:deb/ubuntu/samtools@0.1.19-1ubuntu1?arch=source\u0026distro=xenial"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "0.1.19-1ubuntu1"
      ]
    },
    {
      "ecosystem_specific": {
        "binaries": [
          {
            "binary_name": "samtools",
            "binary_version": "1.7-1"
          },
          {
            "binary_name": "samtools-test",
            "binary_version": "1.7-1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:18.04:LTS",
        "name": "samtools",
        "purl": "pkg:deb/ubuntu/samtools@1.7-1?arch=source\u0026distro=bionic"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.4.1-1build1",
        "1.5-1build1",
        "1.6-3ubuntu1",
        "1.6-4",
        "1.7-1"
      ]
    },
    {
      "ecosystem_specific": {
        "binaries": [
          {
            "binary_name": "samtools",
            "binary_version": "1.10-3"
          },
          {
            "binary_name": "samtools-test",
            "binary_version": "1.10-3"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:20.04:LTS",
        "name": "samtools",
        "purl": "pkg:deb/ubuntu/samtools@1.10-3?arch=source\u0026distro=focal"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.9-4",
        "1.9-5",
        "1.9-6",
        "1.9-7",
        "1.10-3"
      ]
    },
    {
      "ecosystem_specific": {
        "binaries": [
          {
            "binary_name": "samtools",
            "binary_version": "1.13-4"
          },
          {
            "binary_name": "samtools-test",
            "binary_version": "1.13-4"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:22.04:LTS",
        "name": "samtools",
        "purl": "pkg:deb/ubuntu/samtools@1.13-4?arch=source\u0026distro=jammy"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.13-2",
        "1.13-4"
      ]
    },
    {
      "ecosystem_specific": {
        "binaries": [
          {
            "binary_name": "samtools",
            "binary_version": "1.19.2-1build2"
          },
          {
            "binary_name": "samtools-test",
            "binary_version": "1.19.2-1build2"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:24.04:LTS",
        "name": "samtools",
        "purl": "pkg:deb/ubuntu/samtools@1.19.2-1build2?arch=source\u0026distro=noble"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.17-1",
        "1.18-1",
        "1.19-1",
        "1.19.2-1",
        "1.19.2-1build1",
        "1.19.2-1build2"
      ]
    },
    {
      "ecosystem_specific": {
        "binaries": [
          {
            "binary_name": "samtools",
            "binary_version": "1.21-1"
          },
          {
            "binary_name": "samtools-test",
            "binary_version": "1.21-1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:25.10",
        "name": "samtools",
        "purl": "pkg:deb/ubuntu/samtools@1.21-1?arch=source\u0026distro=questing"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.21-1"
      ]
    },
    {
      "ecosystem_specific": {
        "binaries": [
          {
            "binary_name": "samtools",
            "binary_version": "1.22.1-1"
          },
          {
            "binary_name": "samtools-test",
            "binary_version": "1.22.1-1"
          }
        ]
      },
      "package": {
        "ecosystem": "Ubuntu:26.04:LTS",
        "name": "samtools",
        "purl": "pkg:deb/ubuntu/samtools@1.22.1-1?arch=source\u0026distro=resolute"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.21-1",
        "1.22.1-1"
      ]
    }
  ],
  "aliases": [],
  "details": "SAMtools is a program for reading, manipulating and writing bioinformatics file formats. The `mpileup` command outputs DNA sequences that have been aligned against a known reference. On each output line it writes the reference position, optionally the reference DNA base at that position (obtained from a separate file) and all of the DNA bases that aligned to that position. As the output is ordered by position, reference data that is no longer needed is discarded once it has been printed out. Under certain conditions the data could be discarded too early, leading to an attempt to read from a pointer to freed memory. This bug may allow information about program state to be leaked. It may also cause a program crash through an attempt to access invalid memory. This bug is fixed in versions 1.21.1 and 1.22. There is no workaround for this issue.",
  "id": "UBUNTU-CVE-2026-31972",
  "modified": "2026-05-20T15:27:20Z",
  "published": "2026-03-18T21:16:00Z",
  "references": [
    {
      "type": "REPORT",
      "url": "https://ubuntu.com/security/CVE-2026-31972"
    },
    {
      "type": "REPORT",
      "url": "https://www.cve.org/CVERecord?id=CVE-2026-31972"
    },
    {
      "type": "REPORT",
      "url": "https://github.com/samtools/samtools/security/advisories/GHSA-72c8-4jf3-f27p"
    },
    {
      "type": "REPORT",
      "url": "https://github.com/samtools/samtools/commit/3036eb9af945fcef359427a2d359855553da4adf"
    },
    {
      "type": "REPORT",
      "url": "http://www.openwall.com/lists/oss-security/2026/03/18/11"
    }
  ],
  "related": [],
  "schema_version": "1.7.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    },
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "medium",
      "type": "Ubuntu"
    }
  ],
  "upstream": [
    "CVE-2026-31972"
  ]
}



Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…