CVE Vulnerability

CVE-2018-13844

** DISPUTED ** An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c. NOTE: This has been disputed with the assertion that this vulnerability exists in the test harness and HTSlib users would be aware of the need to destruct this object returned by fai_load() in their own code.

5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

Scope

7.5 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/samtools/htslib/issues/731#issuecomment-403675330 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:htslib:htslib:1.8:*:*:*:*:*:*:*
Information

Published : 2018-07-10 06:29

Updated : 2022-04-19 04:11

NVD link : CVE-2018-13844

Mitre link : CVE-2018-13844

Products Affected
No products.
CWE
CWE-401