CVE-2018-13844

An issue has been found in HTSlib 1.8. It is a memory leak in fai_read in faidx.c. NOTE: This has been disputed with the assertion that this vulnerability exists in the test harness and HTSlib users would be aware of the need to destruct this object returned by fai_load() in their own code
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 57%
VendorProductVersion
htslibhtslib
1.8
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
htslib
bullseye
1.11-4
fixed
stretch
no-dsa
jessie
no-dsa
bookworm
1.16+ds-3
fixed
sid
1.20+ds-2
fixed
trixie
1.20+ds-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
htslib
disco
not-affected
cosmic
not-affected
bionic
not-affected
artful
ignored
xenial
not-affected
trusty
not-affected
Common Weakness Enumeration
References
https://github.com/samtools/htslib/issues/731#issuecomment-403675330
https://github.com/samtools/htslib/issues/731#issuecomment-403675330