CVE-2021-28027: Loading a bgzip block can write out of bounds if size overflows.

May 24, 2022 (updated June 16, 2022)

An issue was discovered in the bam crate before 0.1.3 for Rust. There is an integer underflow and out-of-bounds write during the loading of a bgzip block.

References

github.com/advisories/GHSA-cpqj-r29q-chrh
gitlab.com/tprodanov/bam
gitlab.com/tprodanov/bam/-/issues/4
nvd.nist.gov/vuln/detail/CVE-2021-28027
rustsec.org/advisories/RUSTSEC-2021-0027.html

Code Behaviors & Features

Detect and mitigate CVE-2021-28027 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →