CVE-2019-11371Out-of-bounds Write in Aligner Project Burrow-wheeler Aligner

CWE-787Out-of-bounds WriteCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
0.5%
top 33.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Burrow-wheeler Aligner Project Burrow-wheeler AlignerDebian BWA
Timeline
PublishedApr 20
Latest updateMay 24

Description

BWA (aka Burrow-Wheeler Aligner) 0.7.17 r1198 has a Buffer Overflow via a long prefix that is mishandled in bns_fasta2bntseq and bns_dump at btnseq.c.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

debiandebian/bwa

🔴Vulnerability Details

2
GHSA
GHSA-476x-vw5v-gv5j: BWA (aka Burrow-Wheeler Aligner) 02022-05-24
OSV
CVE-2019-11371: BWA (aka Burrow-Wheeler Aligner) 02019-04-20

📋Vendor Advisories

1
Debian
CVE-2019-11371: bwa - BWA (aka Burrow-Wheeler Aligner) 0.7.17 r1198 has a Buffer Overflow via a long p...2019
CVE-2019-11371 — Out-of-bounds Write | cvebase