MidnightBSD

Advisories for burrow-wheeler_aligner_project

CVE-2019-10269 HIGH

BWA (aka Burrow-Wheeler Aligner) before 2019-01-23 has a stack-based buffer overflow in the bns_restore function in bntseq.c via a long sequence name in a .alt file.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
canonical ubuntu_linux 19.04
canonical ubuntu_linux 18.04
burrow-wheeler_aligner_project burrow-wheeler_aligner *
CVE-2019-11371 HIGH

BWA (aka Burrow-Wheeler Aligner) 0.7.17 r1198 has a Buffer Overflow via a long prefix that is mishandled in bns_fasta2bntseq and bns_dump at btnseq.c.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787,

Products Affected

Vendor Product Version
burrow-wheeler_aligner_project burrow-wheeler_aligner 0.7.17