Описание
The header::add_FORMAT_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted vcf file.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| vcftools | fixed | 0.1.16-1 | package | |
| vcftools | fixed | 0.1.14+dfsg-4+deb9u1 | stretch | package |
| vcftools | no-dsa | wheezy | package |
Примечания
http://seclists.org/fulldisclosure/2018/May/43
https://github.com/vcftools/vcftools/issues/109
EPSS
Связанные уязвимости
The header::add_FORMAT_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted vcf file.
The header::add_FORMAT_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted vcf file.
The header::add_FORMAT_descriptor function in header.cpp in VCFtools 0.1.15 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted vcf file.
Уязвимость функции header::add_FORMAT_descriptor пакета для работы с VCF-файлами VCFtools, позволяющая нарушителю вызвать отказ в обслуживании
EPSS