Bug 1735663 (CVE-2019-1010127) - CVE-2019-1010127 vcftools: use-after-free in header::add_FILTER_descriptor method in header.cpp causing denial of service
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2019-1010127
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1735664
Blocks:
Reported: 2019-08-01 08:32 UTC by Dhananjay Arunesh
Modified: 2021-10-27 10:47 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2021-10-27 10:47:16 UTC
Embargoed:



Description Dhananjay Arunesh 2019-08-01 08:32:30 UTC
A vulnerability was found in VCFTools. Versions of vcftools prior to 0.1.15 are affected by: Use-after-free. The impact is: Denial of Service or possibly other impact (e.g. code execution or information disclosure). The component is: The header::add_FILTER_descriptor method in header.cpp. The attack vector is: The victim must open a specially crafted VCF file.

Reference:
https://docs.google.com/document/d/e/2PACX-1vQJveVcGMp_NMdBY5Je2K2k63RoCYznvKjJk5u1wJRmLotvwQkG5qiqZjpABcOkjzj49wkwGweiFwrc/pub

Comment 1 Dhananjay Arunesh 2019-08-01 08:32:43 UTC
Created vcftools tracking bugs for this issue:

Affects: epel-6 [bug 1735664]
