{"id":"CVE-2018-14329","details":"In HTSlib 1.8, a race condition in cram/cram_io.c might allow local users to overwrite arbitrary files via a symlink attack.","modified":"2026-04-10T04:06:34.366494Z","published":"2018-07-17T02:29:00.220Z","references":[{"type":"EVIDENCE","url":"https://github.com/samtools/htslib/issues/736"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/samtools/htslib","events":[{"introduced":"0"},{"last_affected":"be22a2a1082f6e570718439b9ace2db17a609eae"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"1.8"}]}}],"versions":["1.0","1.1","1.2","1.2.1","1.3","1.3.1","1.3.2","1.4","1.4.1","1.5","1.6","1.7","1.8","stable1","stable2","vcf-direct-final"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-14329.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N"}]}