CVE-2018-14329

In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack.

Weakness

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

Affected Software

Name	Vendor	Start Version	End Version
Htslib	Htslib	1.8 (including)	1.8 (including)
Htslib	Ubuntu	artful	*
Htslib	Ubuntu	bionic	*
Htslib	Ubuntu	cosmic	*
Htslib	Ubuntu	devel	*
Htslib	Ubuntu	disco	*
Htslib	Ubuntu	eoan	*
Htslib	Ubuntu	esm-apps/bionic	*
Htslib	Ubuntu	esm-apps/focal	*
Htslib	Ubuntu	esm-apps/jammy	*
Htslib	Ubuntu	esm-apps/noble	*
Htslib	Ubuntu	esm-apps/xenial	*
Htslib	Ubuntu	esm-infra-legacy/trusty	*
Htslib	Ubuntu	focal	*
Htslib	Ubuntu	groovy	*
Htslib	Ubuntu	hirsute	*
Htslib	Ubuntu	impish	*
Htslib	Ubuntu	jammy	*
Htslib	Ubuntu	kinetic	*
Htslib	Ubuntu	lunar	*
Htslib	Ubuntu	mantic	*
Htslib	Ubuntu	noble	*
Htslib	Ubuntu	oracular	*
Htslib	Ubuntu	trusty	*
Htslib	Ubuntu	trusty/esm	*
Htslib	Ubuntu	xenial	*

Potential Mitigations

Follow the principle of least privilege when assigning access rights to entities in a software system.
Denying access to a file can prevent an attacker from replacing that file with a link to a sensitive file. Ensure good compartmentalization in the system to provide protected areas that can be trusted.

NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-14329
CWE	https://cwe.mitre.org/data/definitions/59.html

Improper Link Resolution Before File Access ('Link Following')

Weakness

Affected Software

Potential Mitigations

References

CVE-2018-14329

Improper Link Resolution Before File Access ('Link Following')

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References