CVE-2019-10269

BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
VendorProductVersion
burrow-wheeler_aligner_projectburrow-wheeler_aligner
𝑥
< 2019-01-23
canonicalubuntu_linux
18.04
canonicalubuntu_linux
19.04
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
bwa
bullseye
0.7.17-6
fixed
jessie
not-affected
bookworm
0.7.17-7
fixed
sid
0.7.18-1
fixed
trixie
0.7.18-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
bwa
jammy
not-affected
impish
not-affected
hirsute
not-affected
groovy
not-affected
focal
not-affected
eoan
not-affected
disco
Fixed 0.7.17-3~ubuntu0.19.04.1
released
cosmic
ignored
bionic
Fixed 0.7.17-1ubuntu0.1
released
xenial
Fixed 0.7.12-5ubuntu0.1~esm1
released
trusty
dne
Common Weakness Enumeration
References
https://coreymhudson.github.io/bwa_vulnerabilties/
https://github.com/lh3/bwa/pull/232
https://usn.ubuntu.com/4087-1/
https://coreymhudson.github.io/bwa_vulnerabilties/
https://github.com/lh3/bwa/pull/232
https://usn.ubuntu.com/4087-1/