Reports and Resources
Buffer overflow in VCFtools 0.1.16August 14, 2018
Product Details
VCFtools is a suite of functions for use on genetic variation data in the form of VCF and BCF files. The tools provided will be used mainly to summarize data, run calculations on data, filter out data, and convert data into other useful file formats.
URL:https://vcftools.github.io/
Vulnerable Versions
VCFtools 0.1.16
Vulnerability Details
A Buffer overflow was discovered in VCFtools 0.1.16 version.
SYNOPSIS
Similar to report #11, while parsing an BCF file type, it calls the function variant_file::write_stats() which calls bcf_file::get_entry() responsible for getting all the entries from the objects. It then performs few computations.
The value of ‘read_size’ becomes -8 while evaluating it with size_int[0] + size_int[1] [1]. The value of read_size is then being passed to out.resize() [2] , resulting in incorrect resultant value, same being used by memcpy [3]as the destination. As the program incorrectly calculates ‘out.resize’ cause the memcpy() to fail and cause the crash.
The function memcpy() does not allow to copy 8 bytes from ‘size_int’ to ‘&out[0]’ as the value of ‘&out[0]’ is 0 , throwing a segmentation fault.
Fix: As a part of fix a bound check if added to check if the resultant value of `read_size` is greater than zero.
+ if (ret && (read_size > 0))
{
Commit: 116ee07aea83262fe81a2399e8fb406555c0ab7a
Analysis
Backtrace
Timeline
Vendor Disclosure: 2018-08-14
Patch Release: 2018-08-15
Public Disclosure: 2018-08-16
Credit
Discovered by ACE Team - Loginsoft